15 matches found
EUVD-2026-35414
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...
PT-2026-47761
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nf tables component where the functions nft netdev unregister hooks and nft unregister flowtable net hooks fail to use list del rcu. This is problematic...
PT-2026-27691
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s xsk module related to fragment node deletion. A buffer leak can occur because the list node field is reused for both the xskb pool list and the buffer...
CVE-2023-54165
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: move LRU update from zsmapobject to zsmalloc Under memory pressure, we sometimes observe the following crash: 5694.832838 ------------ cut here ------------ 5694.842093 listdel corruption, ffff888014b6a448-next is...
CVE-2025-38619
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix listdel corruption If ticsi2rxstartdma fails in ticsi2rxdmacallback, the buffer is marked done with VB2BUFSTATEERROR but is not removed from the DMA queue. This causes the same buffer to be retried in...
CVE-2025-38577
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- end trace...
CVE-2025-38577
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fsevictinode As syzbot 1 reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- end trace...
DEBIAN-CVE-2022-50034
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in listdelentryvalid+0x10/0xac cdns3wa2removeoldrequest ... kfreeprivreq-request.buf; cdns3gadgetepfreerequest&privep-endpoint, &privreq-request;...
PT-2025-18555 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A crash was reported due to list del corruption in the Linux kernel's sctp module. The issue occurs when the last fragment of a message is dequeued from the out curr stream in sctp...
Vulnerabilities of EFI/unaccepted kernel components of the Linux operating system, allowing attackers to trigger a service failure
The vulnerability of the listdel function in efi/unaccepted kernel components of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...
CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...
CVE-2024-40925
Technical details beyond the initial description are not provided in the connected documents. No public exploit/affected-products details are listed here. Monitor for updates.
UBUNTU-CVE-2024-39485
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifierentry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use listdelinit to...
In nf_tables_updtable if nf_tables_table_enable returns an error nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del() but the transaction was never placed on a list -- the list head is all zeroes this results in a NULL pointer dereference.
...
GPAC 资源管理错误漏洞
GPAC is an open source multimedia framework. A resource management error vulnerability exists in GPAC, which stems from the gflistdel function in the product list.c file releasing memory multiple times. An attacker could cause a denial of service via this vulnerability...