30 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-31665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftct: fix use-after-free in timeout object destroy nftcttimeoutobjdestroy frees the timeout object with kfree immediately after nfctuntimeout, witho...
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix use-after-free in timeout object destroy nftcttimeoutobjdestroy frees the timeout object with kfree immediately after nfctuntimeout, without waiting for an RCU grace period. Concurrent packet processing on...
CVE-2026-31665
CVE-2026-31665 affects the Linux kernel netfilter nf_conntrack timeout destruction. The issue is a use-after-free where nft_ct_timeout_obj_destroy() frees the timeout object with kfree() immediately after nf_ct_untimeout(), potentially leaving RCU-protected references active. The documented fix d...
CVE-2026-31665
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix use-after-free in timeout object destroy nftcttimeoutobjdestroy frees the timeout object with kfree immediately after nfctuntimeout, without waiting for an RCU grace period. Concurrent packet processing on...
kernel: drm/xe: Make dma-fences compliant with the safe access rules
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated submit queue. At t...
kernel: Bluetooth: Fix potential use-after-free when clear keys
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...
SUSE CVE-2025-39978
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2tcaddflow This code calls kfreercunewnode, rcu and then dereferences "newnode" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is...
CVE-2025-39978 octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2tcaddflow This code calls kfreercunewnode, rcu and then dereferences "newnode" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is...
CVE-2025-39978
CVE-2025-39978 concerns the Linux kernel’s octeontx2-pf driver. The issue is a potential use-after-free in otx2_tc_add_flow(), where code frees a node with kfree_rcu(new_node, rcu) and then dereferences new_node on subsequent lines, after which a mutex is taken. The fix reorders operations so tha...
CVE-2023-53386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call. Mitigation To mitigate these...
CVE-2023-53386 Bluetooth: Fix potential use-after-free when clear keys
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...
CVE-2025-38703 drm/xe: Make dma-fences compliant with the safe access rules
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated submit queue. At t...
SUSE CVE-2025-38453
In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: ensure iokiocb freeing is deferred for RCU syzbot reports that defer/local taskwork adding via msgring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted...
CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
SUSE CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
UBUNTU-CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
CVE-2024-50212 lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
CVE-2024-50212
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...
CVE-2024-50212 lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...