CVE-2025-38011

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrac...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)

Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...

Linux Distros Unpatched Vulnerability : CVE-2024-8376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of...

Linux Distros Unpatched Vulnerability : CVE-2022-49263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This avoids leaking memor...

[BSA-120] Security Update for mosquitto

Philippe Coval uploaded new packages for mosquitto which fixed the following security problems: CVE-2024-8376 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT",...

CVE-2024-8376

A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets...

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

CVE-2024-8376

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...

CVE-2024-8376

CVE-2024-8376 affects Eclipse Mosquitto up to version 2.0.18a, where an attacker can trigger memory leaking, segmentation fault or heap-use-after-free by sending crafted sequences of MQTT packets (CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, PUBLISH). Public documents consistently cite these symp...

CVE-2024-38391

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-38391

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxlrpmem leaks Before this error path, cxlrpmem pointed to a kzalloc memory, free it to avoid this memory leaking...

CentOS 7 : kernel (RHSA-2024:1249)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1249 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may all...

CVE-2021-47103

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parsetree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

CVE-2021-40732

XMP Toolkit version 2020.1 and earlier is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in th...

CVE-2021-3548

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy inside the main function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

CVE-2021-3548

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy inside the main function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

Linux 5.6 IORING_OP_MADVISE Race Condition

Linux 5.6 has an issue with IORINGOPMADVISE racing with coredumping. Linux 5.6: IORINGOPMADVISE races with coredumping Last year, I noticed that core dumping iterates over current-mm's VMA list without proper locking, under the assumption that the VMA list can not be modified externally. This...