Lucene search
K

21 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-53160

Summary: CVE-2026-53160 in the Linux kernel’s fastrpc component describes a use-after-free race in fastrpc_map_create. The vulnerability arises because fastrpc_map_lookup exposed a raw pointer after releasing fl->lock, and the caller then used kref_get_unless_zero on that unprotected pointer, ...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.8 views

CVE-2026-45964

SUNRPC: fix gssauth kref leak in gssallocmsg error path...

5.8AI score0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:14 p.m.6 views

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/14 5:15 p.m.2 views

UBUNTU-CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References5
CVE
CVE
added 2026/02/14 4:27 p.m.21 views

CVE-2026-23192

Summary (CVE-2026-23192) : This is a use-after-free in the Linux kernel’s linkwatch subsystem. When a network device is deleted while linkwatch events are pending, the device reference may be freed prematurely (in linkwatch_do_dev), allowing __linkwatch_run_queue to access a freed device. The fix...

7.8CVSS5.3AI score0.00125EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/09 1:29 a.m.2 views

CVE-2022-50672 mailbox: zynq-ipi: fix error handling while device_register() fails

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has two issues: 1. The name allocated by devsetname is leaked. 2. The parent of device is not NULL, deviceunregister is called in...

6.3AI score0.00206EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/10/22 1:23 p.m.8 views

CVE-2022-50576 serial: pch: Fix PCI device refcount leak in pch_request_dma()

In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pchrequestdma As comment of pcigetslot says, it returns a pcidevice with its refcount increased. The caller must decrement the reference count by calling pcidevput. Since 'dmadev' is...

0.00227EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2025/09/06 8:5 a.m.2 views

drbd: add missing kref_get in handle_write_conflicts

...

7.8CVSS6.8AI score0.00157EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/05 5:10 p.m.10 views

CVE-2024-50130 netfilter: bpf: must hold reference on net namespace

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in nfunregisternethook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpfnflinkrelease+0xda/0x1e0 bpflinkfree+0x139/0x2d0...

7AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2024/09/04 8:15 p.m.2 views

DEBIAN-CVE-2024-45007

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroyworkqueue may be called from within a work item for destroying its own workqueue. This illegal situation is averted by...

5.5CVSS5.5AI score0.00223EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/22 4:9 a.m.2 views

SUSE CVE-2022-48753

In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in diskregisterindependentaccessranges kobjectinitandadd takes reference even when it fails. According to the doc of kobjectinitandadd If this function returns an error, kobjectput must be called to properl...

5.5CVSS6.1AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 2024/06/19 2:15 p.m.8 views

UBUNTU-CVE-2024-38602

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25dev The ax25addrax25dev and ax25devdevicedown exist a reference count leak issue of the object "ax25dev". Memory leak issue in ax25addrax25dev: The reference count of the object...

5.5CVSS6.1AI score0.00212EPSS
Exploits0References27
Vulnrichment
Vulnrichment
added 2023/02/28 12:0 a.m.3 views

CVE-2023-22996

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcomaoss.c does not release an offinddevicebynode reference after use, e.g., with putdevice...

5.3AI score0.00261EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2022/11/21 12:0 a.m.37 views

py-tflite -- buffer overflow vulnerability

Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is differe...

8.1CVSS7.4AI score0.00523EPSS
Exploits1References1
OSV
OSV
added 2022/04/14 4:15 p.m.3 views

CVE-2022-22195

An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service DoS. This issue affects Juniper Networks Junos OS Evolved: All versions...

7.5CVSS5.8AI score0.00986EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.3 views

Juniper Networks Junos OS Evolved 安全漏洞

Juniper Networks Junos OS Evolved is an updated version of Juniper Networks' Junos OS. A security vulnerability exists in Juniper Networks Junos OS Evolved, which is caused by a reference count update vulnerability in the Evolved kernel. An unauthenticated cyber attacker could cause a denial of...

7.8CVSS7.4AI score0.00986EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/06 12:0 a.m.7 views

PT-2022-6837 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the btrfs get root ref function in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may...

7.8CVSS6.6AI score0.01094EPSS
Exploits5References311
Exploit DB
Exploit DB
added 2016/12/22 12:0 a.m.65 views

Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40956.zip The previous ref count overflow bugs were all kinda slow because they were quite deep in kernel code, a lot of mach...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.35 views

Apple macOS 10.12.2 iOS 10.2 - _kernelrpc_mach_port_insert_right_trap Kernel Reference Count Leak Use-After-Free

Apple macOS 10.12.2 iOS 10.2 - kernelrpcmachportinsertrighttrap Kernel Reference Count Leak Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40956.zip The...

0.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2014/09/09 12:0 a.m.4 views

PT-2014-3535 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37 Description: The issue is related to the futex wait function in kernel/futex.c, which does not properly maintain a certain reference count during requeue operations. This can be exploited by local users t...

7.8CVSS6.9AI score0.05926EPSS
Exploits2References196
Rows per page
Query Builder