109 matches found
CVE-2022-50240 android: binder: stop saving a pointer to the VMA
In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...
CVE-2022-50240
CVE-2022-50240 concerns the Linux kernel Android binder subsystem. The issue arises from saving a pointer to a VMA outside of the mmap_lock, which could become stale or be freed, leading to fragile behavior in various failure paths. The documented fix changes the binder_alloc structure to record ...
PT-2025-37640
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.150-00001-gdc8dcf942daa Description A use-after-free UAF vulnerability exists within the binder component of the Linux kernel. The vulnerability occurs due to a race condition between binder update page rang...
PT-2025-37494
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.150-00001-gdc8dcf942daa Description A use-after-free UAF vulnerability exists within the binder component of the Linux kernel. The vulnerability occurs due to a race condition between binder update page rang...
Linux Distros Unpatched Vulnerability : CVE-2020-29369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions expanddownwards and...
Linux munmap() Race Condition / Use-After-Free
Linux munmap has a race condition with pagemapread that leads to a page use-after-free condition...
CVE-2022-22071
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...
SUSE CVE-2024-56765
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close callback in vasvmops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window...
DEBIAN-CVE-2024-56765
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close callback in vasvmops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window...
AZL-54126 CVE-2024-53109 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vmaiterprealloc When deleting a vma entry from a maple tree, it has to pass NULL to vmaiterprealloc in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu...
CVE-2024-50223
In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in tasknumawork When running stress-ng-vm-segv test, we found a null pointer dereference error in tasknumawork. Here is the backtrace: 323676.066985 Unable to handle kernel...
CVE-2024-50223 sched/numa: Fix the potential null pointer dereference in task_numa_work()
In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in tasknumawork When running stress-ng-vm-segv test, we found a null pointer dereference error in tasknumawork. Here is the backtrace: 323676.066985 Unable to handle kernel...
UBUNTU-CVE-2024-46741
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpcreqmmap error: double free of 'buf' In fastrpcreqmmap error path, the fastrpc buffer is freed in fastrpcreqmunmapimpl if unm...
CVE-2024-42317
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAXPAGECACHEORDER by commit 099d90642a71 "mm/filemap: make MAXPAGECACHEORD...
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...
kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition unmapmappingrange versus munmap. This issue allows a device driver to free a page while it still has stale TLB entries...