fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

...

UBUNTU-CVE-2026-46065

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...

PT-2026-43971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lifetime bookkeeping error exists in the ucan driver within the CAN subsystem. USB drivers bind to USB interfaces, and device managed resources must have their lifetime tied to the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fixed the issue with the lifetime of the aux-bus EP device. Device-managed resources allocated after the component binding process must be tied to the lifetime of the DRM device. Otherwise, these resources may not be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Fixed the lifetime of the bo cursor memory. Cleanup operations can be performed while the atomic update is still active. This means that the memory acquired during the atomic update does not need to be invalidated ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/port: Fixed the issue where parentport was used after freeing it in cxldetachep. The cxldetachep function is called during the bottom-up removal process, when all CXL memory devices beneath a switch port have been removed...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010795 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime...

Siemens SIMATIC Devices Improper Control of a Resource Through its Lifetime (CVE-2024-57901)

afpacket: vlangetprotocoldgram vs MSGPEEK Blamed allowing a crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503805; scriptversion"1.1";...

CVE-2022-50568

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: fix fhidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct fhidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted...

CVE-2022-50360 drm/msm/dp: fix aux-bus EP lifetime

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2024-35810 drm/vmwgfx: Fix the lifetime of the bo cursor memory

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...

CVE-2020-1897

A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00...

Design/Logic Flaw

A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00...

CVE-2020-1897

CVE-2020-1897 affects Facebook Proxygen (open‑source C++ HTTP libraries). The issue is a use‑after‑free caused by faulty lifetime management in the request adaptor when a malicious client triggers request error handling in a specific sequence. Affected versions are prior to Proxygen v2020.05.18.0...

Apple macOSiOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient

Apple macOSiOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the...

Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor...

macOS / iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in I

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the...