CVE-2025-54629

Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

CVE-2023-35685

In DevmemIntMapPages of devicememserver.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-35685

In DevmemIntMapPages of devicememserver.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-50066 mm/mremap: fix move_normal_pmd/retract_page_tables race

In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix movenormalpmd/retractpagetables race In mremap, movepagetables looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. ...

CVE-2024-46782

CVE-2024-46782 affects Linux kernel’s ila subsystem (net/ipv6/ila/ila_xlat.c, ila_nf_input) where a use-after-free occurs: ila_xlat_exit_net() frees the rhashtable and then nf_unregister_net_hooks() is called. The issue is the hook removal should occur before freeing resources; the fix reorders a...

CVE-2024-35896

In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 "bpf: Try to avoid kzalloc in cgroup/s,getsockopt" setsockopt @optlen argument should be...

CVE-2024-26983

CVE-2024-26983 is a Linux kernel issue about freeing xbc memory in bootconfig. The root cause was memblock_free() being used during xbc_exit() when memory may have already been handed to the buddy allocator, causing use-after-free (UAF) on certain architectures (e.g., CONFIG_ARCH_KEEP_MEMBLOCK di...

CVE-2024-26608 ksmbd: fix global oob in ksmbd_nl_policy

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbdnlpolicy Similar to a reported issue check the commit b33fb5b801c6 "net: qualcomm: rmnet: fix global oob in rmnetpolicy", my local fuzzer finds another global out-of-bounds read for policy...

CVE-2024-26597

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnetpolicy The variable rmnetlinkops assign a bigger maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below:...

CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

A vulnerability exists in the implementation of the mremap() system call in the Linux operating system, which allows an attacker to gain access to the physical page.

The vulnerability in the implementation of the mremap system call in the Linux operating system exists due to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to gain access to the physical page...

CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...