Lucene search

379 matches found

RedHat Linux
added 2023/11/07 9:3 a.m. · 2 views

kernel: watch_queue: Actually free the watch

In the Linux kernel, the following vulnerability has been resolved: watch_queue: Actually free the watch. free_watch does everything barring actually freeing the watch object. Fix this by adding the missing kfree. kmemleak produces a report something like the following. Note that as an address can b...

CVSS 5.5 · AI score 6.3 · EPSS 0.0024
Exploits: 0 · References: 5

RedHat Linux
added 2023/11/07 9:3 a.m. · 2 views

kernel: ext4: Fix function prototype mismatch for ext4_feat_ktype

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4_feat_ktype. With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call...

CVSS 5.5 · AI score 6.9 · EPSS 0.00146
Exploits: 0 · References: 5

Amazon
added 2023/06/12 12:0 a.m. · 4 views

Important: kernel-livepatch-6.1.27-43.48

Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. (CVE-2022-48425) In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform...

CVSS 7.8 · AI score 6.6 · EPSS 0.11946
Exploits: 7

Amazon
added 2023/06/12 12:0 a.m. · 4 views

Important: kernel-livepatch-6.1.25-37.47

Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. (CVE-2022-48425) In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform...

CVSS 7.8 · AI score 6.6 · EPSS 0.11946
Exploits: 7

Amazon
added 2023/06/12 12:0 a.m. · 5 views

Important: kernel-livepatch-6.1.23-36.46

Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. (CVE-2022-48425) An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failu...

CVSS 7.8 · AI score 6.6 · EPSS 0.11946
Exploits: 8

Amazon
added 2023/06/12 12:0 a.m. · 3 views

Important: kernel

Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. (CVE-2022-48425) Affected Packages: kernel. Issue Correction: Run dnf update kernel --releasever 2023.0.20230614 or dnf update --advisory...

CVSS 7.8 · AI score 7 · EPSS 0.00264
Exploits: 0

RedhatCVE
added 2023/03/20 9:38 a.m. · 45 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

CVSS 7 · AI score 7.1 · EPSS 0.00264
Exploits: 0 · References: 3

NVD
added 2023/03/19 3:15 a.m. · 22 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

CVSS 7.8 · AI score 8.3 · EPSS 0.00264
Exploits: 0 · References: 3

OSV
added 2023/03/19 3:15 a.m. · 27 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

CVSS 7.8 · AI score 5.9
Exploits: 0 · References: 3

Vulnrichment
added 2023/03/19 12:0 a.m. · 10 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

AI score 7.4 · EPSS 0.00264
Exploits: 0 · References: 3

Cvelist
added 2023/03/19 12:0 a.m. · 29 views

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs...

AI score 8.5 · EPSS 0.00264
Exploits: 0 · References: 3

Microsoft CVE
added 2023/03/09 8:0 a.m. · 8 views

In the Linux kernel before 5.17 an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

...

CVSS 7.8 · AI score 7.1 · EPSS 0.00301
Exploits: 0

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33128 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13. Description: The issue is related to a problem in the xen/netback component where kfree_skb is called with interrupts disabled. The actual impact and potential for attack have not been proven yet...

AI score 7.1
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33436 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.302. Description: The issue is related to a potential security vulnerability in the xen/netback component. It involves calling kfree_skb with interrupts disabled, which may have security implications. The...

AI score 7.2
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33361 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.4.168 through 5.4.226. Description: The issue is related to a problem in the xen/netback component where kfree_skb is called with interrupts disabled. The actual impact and potential for attack have not been proven yet...

AI score 7.2
Exploits: 0 · References: 1

OSV
added 2022/04/24 9:18 p.m. · 7 views

GSD-2022-1001505 kernel/resource: fix kfree() of bootmem memory again

kernel/resource: fix kfree() of bootmem memory again. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

AI score 7.2
Exploits: 0

Talos
added 2021/04/13 12:0 a.m. · 22 views

Microsoft Azure Sphere Kernel pwm_ioctl_apply_state kfree() code execution vulnerability

Summary: A code execution vulnerability exists in the kernel pwm_ioctl_apply_state functionality of Microsoft Azure Sphere 21.01. A specially crafted ioctl can lead to arbitrary kfree. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions: Microsoft Azure Sphere 21.01. Product...

CVSS 8.1 · AI score 8.2 · EPSS 0.0048
Exploits: 0

Tenable Nessus
added 2021/03/09 12:0 a.m. · 54 views

RHEL 8 : kernel (RHSA-2021:0765)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0765 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bad kfree in auditfilter.c may...

CVSS 7.8 · AI score 7.3 · EPSS 0.06692
Exploits: 4 · References: 12

RedHat Linux
added 2021/03/03 11:46 a.m. · 123 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8 · AI score 6.8 · EPSS 0.01129
Exploits: 2 · References: 3

Tenable Nessus
added 2021/02/12 12:0 a.m. · 49 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point...

CVSS 9.8 · AI score 7.7 · EPSS 0.06563
Exploits: 14 · References: 112