90 matches found
CVE-2021-47134
In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setuparch would invoke efiinit-efigetfdtparams. If no valid fdt found then initialbootparams will be null. So we should stop further fdt processing here. I encountered this issue on risc...
CVE-2021-46936
In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in twtimerhandler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0...
CVE-2021-46936 net: fix use-after-free in tw_timer_handler
In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in twtimerhandler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0...
CVE-2021-46936
CVE-2021-46936 affects the Linux kernel (net: fix use-after-free in tw_timer_handler). The flaw allowed use-after-free on net->mib.net_statistics when destroying a net namespace if inflight time-wait timers exist; it is triggered during path of timer handling and ip/mib teardown. The fix reloc...
PT-2025-26017 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the csdlock debug kernel-boot parameter, which is parsed by the early param function csdlock debug. If se...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-3212
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a...
SUSE CVE-2022-27536
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...
SUSE-SU-2023:0229-1 Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024129 fixes several issues. The following security issues were fixed: - CVE-2022-3424: Fixed use-after-free in grusetcontextoption, grufault and gruhandleusercallos that could lead to kernel panic bsc1204167. - CVE-2022-2602: Fixed a local privilege...
PT-2023-34826 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-33468 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to a panic due to the wrong pageattr of im-image. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
The dag-pb codec can panic when decoding invalid blocks...
PT-2022-36340 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.155 Description: A potential issue exists in the Linux Kernel, which may cause a panic on frag list with mixed head alloc types. The actual impact and attack plausibility have not yet been proven...
PT-2022-36612 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.334 Description: A potential issue exists in the Linux Kernel that could lead to a panic on frag list with mixed head alloc types. The actual impact and attack plausibility have not yet been proven...
PT-2022-36433 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: A potential issue exists in the Linux Kernel, specifically related to the gso Generic Segmentation Offload functionality, where a panic can occur when dealing with a frag list that contains...
PT-2022-36056 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to a potential panic on frag list with mixed head alloc types in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
PT-2022-36505 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to a potential panic on frag list with mixed head alloc types in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations:...
PT-2022-36214 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.79 Description: A potential issue exists in the Linux Kernel, which may cause a panic on frag list with mixed head alloc types. The actual impact and attack plausibility have not yet been proven...
PT-2022-34084 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue is related to a potential panic in the dl cpu busy function due to an empty cs-cpus allowed. The actual impact and attack plausibility have not yet been proven. Recommendations:...