20 matches found
CVE-2026-45964
SUNRPC: fix gssauth kref leak in gssallocmsg error path...
CVE-2026-31769
In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...
UBUNTU-CVE-2026-23192
In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...
CVE-2026-23192
Summary (CVE-2026-23192) : This is a use-after-free in the Linux kernel’s linkwatch subsystem. When a network device is deleted while linkwatch events are pending, the device reference may be freed prematurely (in linkwatch_do_dev), allowing __linkwatch_run_queue to access a freed device. The fix...
CVE-2022-50672 mailbox: zynq-ipi: fix error handling while device_register() fails
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has two issues: 1. The name allocated by devsetname is leaked. 2. The parent of device is not NULL, deviceunregister is called in...
CVE-2022-50576 serial: pch: Fix PCI device refcount leak in pch_request_dma()
In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pchrequestdma As comment of pcigetslot says, it returns a pcidevice with its refcount increased. The caller must decrement the reference count by calling pcidevput. Since 'dmadev' is...
drbd: add missing kref_get in handle_write_conflicts
...
CVE-2024-50130 netfilter: bpf: must hold reference on net namespace
In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in nfunregisternethook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpfnflinkrelease+0xda/0x1e0 bpflinkfree+0x139/0x2d0...
DEBIAN-CVE-2024-45007
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroyworkqueue may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...
SUSE CVE-2022-48753
In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in diskregisterindependentaccessranges kobjectinitandadd takes reference even when it fails. According to the doc of kobjectinitandadd If this function returns an error, kobjectput must be called to properl...
UBUNTU-CVE-2024-38602
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25dev The ax25addrax25dev and ax25devdevicedown exist a reference count leak issue of the object "ax25dev". Memory leak issue in ax25addrax25dev: The reference count of the object...
CVE-2023-22996
In the Linux kernel before 5.17.2, drivers/soc/qcom/qcomaoss.c does not release an offinddevicebynode reference after use, e.g., with putdevice...
py-tflite -- buffer overflow vulnerability
Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is differe...
CVE-2022-22195
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service DoS. This issue affects Juniper Networks Junos OS Evolved: All versions...
Juniper Networks Junos OS Evolved 安全漏洞
Juniper Networks Junos OS Evolved is an updated version of Juniper Networks' Junos OS. A security vulnerability exists in Juniper Networks Junos OS Evolved, which is caused by a reference count update vulnerability in the Evolved kernel. An unauthenticated cyber attacker could cause a denial of...
PT-2022-6837 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the btrfs get root ref function in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may...
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40956.zip The previous ref count overflow bugs were all kinda slow because they were quite deep in kernel code, a lot of mach...
Apple macOS 10.12.2 iOS 10.2 - _kernelrpc_mach_port_insert_right_trap Kernel Reference Count Leak Use-After-Free
Apple macOS 10.12.2 iOS 10.2 - kernelrpcmachportinsertrighttrap Kernel Reference Count Leak Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40956.zip The...
PT-2014-3535 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37 Description: The issue is related to the futex wait function in kernel/futex.c, which does not properly maintain a certain reference count during requeue operations. This can be exploited by local users t...
CVE-2013-4483
The ipcrcuputref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service memory consumption or system crash via a crafted application...