15 matches found
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: The initialization of the dangling pointer that occurs in vsk-trans has been addressed. During loopback communication, a dangling pointer can be created in vsk-trans, which may lead to a Use-After-Free condition. Th...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables WHAT & HOW drrtiming and subvppipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2...
PT-2026-2540
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to memory management within the vidtv driver. Specifically, local pointers are not initialized to NULL after memory ownership is transferred...
EUVD-2025-203729
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...
CVE-2025-68167
CVE-2025-68167 affects the Linux kernel gpiolib in debugfs. The root cause is a failure path in gpiolib_seq_start() where s->private is left uninitialized if kzalloc() fails, and is later dereferenced in gpiolib_seq_stop() without a null check. The fix initializes s->private to NULL before ...
CVE-2025-68167 gpiolib: fix invalid pointer access in debugfs
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53103)
hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
drm/amd/display: Check null-initialized variables
...
DEBIAN-CVE-2024-53103
In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...
CVE-2024-53103 hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...
UBUNTU-CVE-2024-50152
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2setea Clang static checkerscan-build warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfreeea; | ^ There is a double free in such case: 'ea is initializ...
UBUNTU-CVE-2024-26799
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where lpassgetdmactlhandle is called and the driver id daiid is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has n...
PT-2024-9839 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an uninitialized pointer dmactl in the lpass get dmactl handle function of the Linux kernel's ASoC qcom component. When the driver id dai id is invalid, the...
CVE-2020-5408
CVE-2020-5408 (IBM) affects IBM Sterling Connect:Direct Web Services. A fixed null initialization vector in CBC mode for the queryable text encryptor may allow a dictionary attack to derive unencrypted values, exposing sensitive information. Remediation is via upgrading to supported fixes: IBM St...
UBUNTU-CVE-2019-8912
In the Linux kernel through 4.20.11, afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfssetattr...