Lucene search
K

380 matches found

Cvelist
Cvelist
added 2024/08/22 1:33 a.m.18 views

CVE-2022-48924 thermal: int340x: fix memory leak in int3400_notify()

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...

0.0021EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/08/22 1:32 a.m.29 views

CVE-2022-48914 xen/netfront: destroy queues before real_num_tx_queues is zeroed

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...

0.00215EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/08/22 1:32 a.m.19 views

CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...

5.5CVSS5.2AI score0.00215EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/08/17 9:21 a.m.25 views

CVE-2024-43834

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...

5.5CVSS5.4AI score0.00247EPSS
Exploits0
OSV
OSV
added 2024/07/30 8:15 a.m.7 views

AZL-47344 CVE-2024-42158 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...

4.1CVSS5.8AI score0.00187EPSS
Exploits0References1
OSV
OSV
added 2024/07/30 8:15 a.m.5 views

UBUNTU-CVE-2024-42158

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...

4.1CVSS5.8AI score0.00187EPSS
Exploits0References22
CVE
CVE
added 2024/07/30 7:47 a.m.182 views

CVE-2024-42158

CVE-2024-42158 concerns the Linux kernel s390/pkey code where memory cleanup was updated to use kfree_sensitive() instead of memzero_explicit() and kfree() to address Coccinelle warnings. The connected sources explicitly state the fix involves replacing those calls with kfree_sensitive() to align...

4.1CVSS6.7AI score0.00187EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/07/30 7:47 a.m.12 views

CVE-2024-42158 s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...

4.1CVSS6AI score0.00187EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a warning reported by Coccinelle in the s390/pkey module when using memzeroexplicit and kfree, which should ...

4.1CVSS6.3AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/29 3:48 p.m.23 views

CVE-2024-41087 ata: libata-core: Fix double free on error

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ataportalloc call in atahostalloc fails, we will jump to the errout label, which will call devresreleasegroup. devresreleasegroup will trigger a call to atahostrelease...

0.00244EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/07/29 3:48 p.m.14 views

CVE-2024-41087 ata: libata-core: Fix double free on error

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ataportalloc call in atahostalloc fails, we will jump to the errout label, which will call devresreleasegroup. devresreleasegroup will trigger a call to atahostrelease...

6.5AI score0.00244EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/07/29 2:57 p.m.26 views

CVE-2024-41070 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvmspaprtceattachiommugroup Al reported a possible use-after-free UAF in kvmspaprtceattachiommugroup. It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...

0.00225EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/07/29 2:57 p.m.23 views

CVE-2024-41058 cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscachewithdrawvolume We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...

7.1AI score0.00281EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from kfreehost being called twice in the error handling path, leading to a double release problem...

7.8CVSS6.6AI score0.00244EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2024/07/17 12:56 a.m.21 views

CVE-2022-48863

A vulnerability was found in the dsppipelinebuild function in the Linux kernel's mISDN driver, which can cause a memory leak when the function allocates memory with kstrdup and subsequently modifies the pointer with strsep, leading to a scenario where kfree is called on a NULL pointer. Mitigation...

5.5CVSS5.9AI score0.00247EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/07/12 12:20 p.m.15 views

CVE-2024-39495 greybus: Fix use-after-free bug in gb_interface_release due to race condition.

In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gbinterfacerelease due to race condition. In gbinterfacecreate, &intf-modeswitchcompletion is bound with gbinterfacemodeswitchwork. Then it will be started by gbinterfacerequestmodeswitch. Here ...

7.2AI score0.00322EPSS
Exploits0References7
NVD
NVD
added 2024/07/05 7:15 a.m.20 views

CVE-2024-39478

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

5.5CVSS0.00184EPSS
Exploits0References2
OSV
OSV
added 2024/07/05 7:15 a.m.1 views

UBUNTU-CVE-2024-39478

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

5.5CVSS5.9AI score0.00184EPSS
Exploits0References12
Cvelist
Cvelist
added 2024/07/05 6:55 a.m.31 views

CVE-2024-39478 crypto: starfive - Do not free stack buffer

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...

0.00184EPSS
Exploits0References2
CVE
CVE
added 2024/07/05 6:55 a.m.96 views

CVE-2024-39478

The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...

5.5CVSS7.2AI score0.00184EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder