161 matches found
CVE-2022-48754
In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 "phylib: Add device reset GPIO support" added call to phydeviceresetphydev after the putdevice call in phydetach. The comment before the putdevice call says that the phydev...
CVE-2021-47472
REJECTED CVE A memory leak bug was identified in the Linux kernel's net: mdiobus module. When deviceregister fails during mdiobusregister, the reference count is not decremented via putdevice, resulting in unreferenced memory allocations and subsequent leaks...
CVE-2021-47472
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2021-47472
CVE-2021-47472 is rejected/not used as per the Initial Description.
CVE-2023-52840
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction The putdevice calls rmireleasefunction which frees "fn" so the dereference on the next line "fn-numofirqs" is a use after free. Move the putdevice to the end to...
UBUNTU-CVE-2023-52730
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...
CVE-2023-52840 Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction The putdevice calls rmireleasefunction which frees "fn" so the dereference on the next line "fn-numofirqs" is a use after free. Move the putdevice to the end to...
CVE-2023-52840 Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction The putdevice calls rmireleasefunction which frees "fn" so the dereference on the next line "fn-numofirqs" is a use after free. Move the putdevice to the end to...
CVE-2023-52730 mmc: sdio: fix possible resource leaks in some error paths
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...
CVE-2023-52730 mmc: sdio: fix possible resource leaks in some error paths
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...
CVE-2023-52730 mmc: sdio: fix possible resource leaks in some error paths
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...
CVE-2021-47258
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After device is initialized via deviceinitialize, or its name is set via devsetname, the device has to be freed via putdevice. Otherwise device name will be leaked because it is...
CVE-2021-47337
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...
CVE-2021-47416 phy: mdio: fix memory leak
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUSALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and mdiobusregister fails, but...
CVE-2021-47361 mcb: fix error handling in mcb_alloc_bus()
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...
CVE-2021-47361 mcb: fix error handling in mcb_alloc_bus()
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcballocbus There are two bugs: 1 If idasimpleget fails then this code calls putdevicecarrier but we haven't yet called getdevicecarrier and probably that leads to a use after free. 2 After...
CVE-2021-47337
The CVE-2021-47337 issue is in the Linux kernel SCSI core path: when an error arises during scsi_host_alloc() and the error-handling ehandler thread fails to spawn, shost->ehandler may be set to ERR_PTR(-ENOMEM) and scsi_host_dev_release() would call kthread_stop() on a NULL/invalid pointer, r...
CVE-2021-47258 scsi: core: Fix error handling of scsi_host_alloc()
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After device is initialized via deviceinitialize, or its name is set via devsetname, the device has to be freed via putdevice. Otherwise device name will be leaked because it is...
CVE-2021-47258 scsi: core: Fix error handling of scsi_host_alloc()
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsihostalloc After device is initialized via deviceinitialize, or its name is set via devsetname, the device has to be freed via putdevice. Otherwise device name will be leaked because it is...
DEBIAN-CVE-2023-52697
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdwrtsdcajackcommon: ctx-headsetcodecdev = NULL sofsdwrtsdcajackexit are used by different codecs, and some of them use the same dai name. For example, rt712 and rt713 both use "rt712-sdca-aif1" and...