380 matches found
CVE-2022-48924 thermal: int340x: fix memory leak in int3400_notify()
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...
CVE-2022-48914 xen/netfront: destroy queues before real_num_tx_queues is zeroed
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2024-43834
In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...
AZL-47344 CVE-2024-42158 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...
UBUNTU-CVE-2024-42158
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...
CVE-2024-42158
CVE-2024-42158 concerns the Linux kernel s390/pkey code where memory cleanup was updated to use kfree_sensitive() instead of memzero_explicit() and kfree() to address Coccinelle warnings. The connected sources explicitly state the fix involves replacing those calls with kfree_sensitive() to align...
CVE-2024-42158 s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfreesensitive to fix Coccinelle warnings Replace memzeroexplicit and kfree with kfreesensitive to fix warnings reported by Coccinelle: WARNING opportunity for kfreesensitive/kvfreesensitive line 1506 WARNING...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a warning reported by Coccinelle in the s390/pkey module when using memzeroexplicit and kfree, which should ...
CVE-2024-41087 ata: libata-core: Fix double free on error
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ataportalloc call in atahostalloc fails, we will jump to the errout label, which will call devresreleasegroup. devresreleasegroup will trigger a call to atahostrelease...
CVE-2024-41087 ata: libata-core: Fix double free on error
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ataportalloc call in atahostalloc fails, we will jump to the errout label, which will call devresreleasegroup. devresreleasegroup will trigger a call to atahostrelease...
CVE-2024-41070 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvmspaprtceattachiommugroup Al reported a possible use-after-free UAF in kvmspaprtceattachiommugroup. It looks up stt from tablefd, but then continues to use it after doing fdput on the returne...
CVE-2024-41058 cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscachewithdrawvolume We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: slab-use-after-free in...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from kfreehost being called twice in the error handling path, leading to a double release problem...
CVE-2022-48863
A vulnerability was found in the dsppipelinebuild function in the Linux kernel's mISDN driver, which can cause a memory leak when the function allocates memory with kstrdup and subsequently modifies the pointer with strsep, leading to a scenario where kfree is called on a NULL pointer. Mitigation...
CVE-2024-39495 greybus: Fix use-after-free bug in gb_interface_release due to race condition.
In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gbinterfacerelease due to race condition. In gbinterfacecreate, &intf-modeswitchcompletion is bound with gbinterfacemodeswitchwork. Then it will be started by gbinterfacerequestmodeswitch. Here ...
CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
UBUNTU-CVE-2024-39478
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
CVE-2024-39478 crypto: starfive - Do not free stack buffer
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations...
CVE-2024-39478
The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...