23 matches found
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: PNP: The memory leak caused by the name of devices being allocated dynamically has been fixed in pnpallocdev. After the commit 1fa5ae857bb1 “Driver core: get rid of struct device’s busid string array”, the name of devices is now...
CVE-2024-50229 nilfs2: fix potential deadlock with newly created symlinks
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential deadlock with newly created symlinks Syzbot reported that pagesymlink, called by nilfssymlink, triggers memory reclamation involving the filesystem layer, which can result in circular lock dependencies among...
CVE-2022-48806
The CVE-2022-48806 issue is confirmed in the Linux kernel under ee1004 EEPROM reads. The root cause was that ee1004_eeprom_read() could read more than the i2c block data limit because i2c_smbus_read_i2c_block_data_or_emulated() uses an unsigned 8-bit length; if the requested read spanned a 256-by...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If deviceregister in thermalzonedeviceregisterwithtrips returns an error, the tz variable is set to NULL and subsequently dereferenced in kfreetz-tzp...
GSD-2023-1000807 ipc: fix memory leak in init_mqueue_fs()
ipc: fix memory leak in initmqueuefs This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit 86273624a68d07f129dc182b8394f487ed4de484,...
GSD-2023-1000465 staging: media: tegra-video: fix device_node use after free
staging: media: tegra-video: fix devicenode use after free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
GSD-2022-1007821 arm64: entry: avoid kprobe recursion
arm64: entry: avoid kprobe recursion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit db66629d43b2d12cb43b004a4ca6be1d03228e97, ...
GSD-2022-1007362 KVM: arm64: vgic: Fix exit condition in scan_its_table()
KVM: arm64: vgic: Fix exit condition in scanitstable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.221 by commit...
GSD-2022-1006811 iio: Use per-device lockdep class for mlock
iio: Use per-device lockdep class for mlock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1006810 usb: gadget: f_fs: stricter integer overflow checks
usb: gadget: ffs: stricter integer overflow checks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
GSD-2022-1004493 usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: gadget: lpc32xxudc: Fix refcount leak in lpc32xxudcprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.49 by commit...
GSD-2022-1003784 regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
regulator: pfuze100: Fix refcount leak in pfuzeparseregulatorsdt This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1001812 remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
remoteproc: qcomq6v5mss: Fix some leaks in q6v5allocmemoryregion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
GSD-2022-1001652 net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.35 by commit...
GSD-2022-1001555 bpf: Fix UAF due to race between btf_try_get_module and load_module
bpf: Fix UAF due to race between btftrygetmodule and loadmodule This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001079 net/mlx5e: TC, Hold sample_attr on stack instead of pointer
net/mlx5e: TC, Hold sampleattr on stack instead of pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
Exploit for Missing Initialization of Resource in Linux Linux_Kernel
CVE-2022-29968 Proof-of-concept exploit for CVE-2022-29968 un...
GSD-2021-1001930 comedi: vmk80xx: fix transfer-buffer overflows
comedi: vmk80xx: fix transfer-buffer overflows This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.292 by commit...
UVI-2021-1001921 isdn: mISDN: Fix sleeping function called from invalid context
isdn: mISDN: Fix sleeping function called from invalid context This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.290 by commit...
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the rdspagecopyuser function in net/rds/page.c RDS in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root CVE-2010-3904. This module has been tested successfully on Fedora 13 i686 kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu...