226 matches found
CVE-2025-37999 fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails because it is full, erofs_fileio_scan_folio() needs to submit the I/O request via erofs_fileio_rq_submit() and allocate a new I/O request with an empty stru...
CVE-2023-21120
In multiple functions of cdmengine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID:...
CVE-2021-22906
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users...
CVE-2020-8867
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results fr...
CVE-2019-15513
An issue was discovered in OpenWrt libuci aka Library for the Unified Configuration Interface before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang...
CVE-2019-14091
Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250,...
libsemanage bug fix update
An update is available for libsemanage. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsemanage library provides an API for the manipulation of SELinux...
SUSE CVE-2022-49931
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a "IB/hfi1: Fix abba locking issue with sc_disable()" incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered...
CVE-2023-53109
CVE-2023-53109: Linux kernel vulnerability in net: tunnels where IP tunnels may update dev->needed_headroom in the xmit path, causing a data race (KCSAN) in ip_tunnel_xmit and related paths. The patch annotates lockless accesses to dev->needed_headroom for three tunnels’ xmit paths and als...
CVE-2022-49931 IB/hfi1: Correctly move list in sc_disable()
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a "IB/hfi1: Fix abba locking issue with sc_disable()" incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered...
PT-2025-23158
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been identified, related to the erofs file system. The issue arises when bio_add_folio() fails due to being full, and erofs_fileio_scan_folio() retrie...
CVE-2025-21986
In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Convert blocking notification chain to a raw one A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding / removing...
CVE-2025-21986
CVE-2025-21986 affects the Linux kernel net: switchdev notification path. The root cause is a blocking notification chain that uses a read-write semaphore to protect the chain, which allows recursive notifications to cause the semaphore to be acquired twice for reading. In certain bridge/offload ...
CVE-2023-53022 net: enetc: avoid deadlock in enetc_tx_onestep_tstamp()
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================ WARNING: inconsistent lock state 6.2.0-rc2-07010-ga9b9500ffaac-dirty 967 Not tainted...
The vulnerability of the mlx5e_arfs_enable() function in the drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c file of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the mlx5e_arfs_enable() function in the drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c file of the Linux kernel is related to insufficient resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-24035
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...
Linux Distros Unpatched Vulnerability : CVE-2024-54460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependenc...
Linux Distros Unpatched Vulnerability : CVE-2024-48875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 wit...
Linux Distros Unpatched Vulnerability : CVE-2024-49943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero...
Linux Distros Unpatched Vulnerability : CVE-2024-58071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was...