135 matches found
GSD-2022-1007048 ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
ACPI: APEI: do not add taskwork to kernel thread to avoid memory leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
PT-2022-35506 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: A potential issue exists where a memory leak could occur due to the addition of task work to a kernel thread. The actual impact and attack plausibility have not yet been proven...
UVI-2021-1001746 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.9 by commit...
UVI-2021-1001665 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.70 by commit...
GSD-2021-1001608 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.150 by commit...
GSD-2021-1001571 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...
UVI-2021-1001571 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.209 by commit...
UVI-2021-1001543 xen/balloon: use a kernel thread instead a workqueue
xen/balloon: use a kernel thread instead a workqueue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.249 by commit...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
AZL-6537 CVE-2021-28691 affecting package kernel for versions less than 5.10.78.1-1
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
CVE-2021-28691
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...
Guest triggered use-after-free in Linux xen-netback
ISSUE DESCRIPTION A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux...
PT-2024-11163
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the xen-netback component in the Linux kernel, where a reference to the RX task thread needs to be taken to prevent the task from being freed if the thread return...
PT-2021-3379 · Linux +3 · Xen-Netback +3
Name of the Vulnerable Software and Affected Versions: Linux xen-netback affected versions not specified Description: A use-after-free issue exists in Linux xen-netback due to insufficient input validation. This can be triggered by a malicious or buggy network PV frontend sending a malformed...
CVE-2019-10580
When kernel thread unregistered listener, Use after free issue happened as the listener clients private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
Design/Logic Flaw
When kernel thread unregistered listener, Use after free issue happened as the listener clients private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
CVE-2019-10580
CVE-2019-10580 describes a local use-after-free in the Qualcomm Snapdragon kernel: when a listener is unregistered, the listener’s private data may already have been freed. Affected are Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables platforms (listed in the des...