247 matches found
CVE-2023-54106 net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5einitreprx The memory pointed to by the priv-rxres pointer is not freed in the error path of mlx5einitreprx, which can lead to a memory leak. Fix by freeing the memory in the error path,...
CVE-2023-54065
Summary: CVE-2023-54065 is a Linux kernel vulnerability in the Realtek DSA driver. The issue arises from a faulty probe path that sets priv->chip_data to (void *)priv + sizeof(*priv) and assumes sufficient trailing space. Only the realtek-smi path allocated this chip_data space; realtek-mdio d...
CVE-2023-54015
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5devcomregisterdevice In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to...
CVE-2023-54015
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5devcomregisterdevice In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to...
UBUNTU-CVE-2023-54015
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5devcomregisterdevice In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to...
CVE-2023-54015
CVE-2023-54015: In the Linux kernel, the mlx5_devcom_register_device allocation flow could cause a use-after-free. If devcom allocation fails, the code frees priv, but priv might belong to another thread, risking use-after-free. The fix frees priv only when it was allocated by the running thread,...
CVE-2023-54015 net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5devcomregisterdevice In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to...
PT-2025-52972
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the net/mlx5 component, specifically in the mlx5 devcom register device function. A use-after-free condition can occur if devcom allocation fails,...
PT-2025-53063
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking component related to Realtek DSA drivers. Specifically, the issue involves an out-of-bounds access within the probe function when setting t...
CVE-2025-14489
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
EUVD-2022-55746
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...
CVE-2022-50659
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...
UBUNTU-CVE-2022-50659
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...
CVE-2022-50659 hwrng: geode - Fix PCI device refcount leak
In the Linux kernel, the following vulnerability has been resolved: hwrng: geode - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count fo...
CVE-2022-50626
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvbusbadapterinit Syzbot reports a memory leak in "dvbusbadapterinit". The leak is due to not accounting for and freeing current iteration's adapter-priv in case of an error. Currently if an err...
CVE-2025-40262
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imxsckeyaction function is called...
CVE-2025-40262
In CVE-2025-40262, the Linux kernel is affected by a memory corruption issue in the imx_sc_key flow. The root cause is passing an address (&priv) of a stack variable instead of the intended priv in imx_sc_key_action(), leading to memory corruption on unload. The description indicates the fix is t...
CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imxsckeyaction function is called...
EUVD-2025-201195
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imxsckeyaction function is called...
CVE-2025-8693
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an authenticated attacker to execute operating system OS commands on an affected device...