79 matches found
CVE-2021-47555 net: vlan: fix underflow for the real_dev refcnt
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the realdev refcnt Inject error before devholdrealdev in registervlandev, and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 link dummy1 type vlan id 100...
CVE-2021-47532 drm/msm/devfreq: Fix OPP refcnt leak
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak...
CVE-2021-47532 drm/msm/devfreq: Fix OPP refcnt leak
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak...
CVE-2023-52854
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padatafreeshell In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01 function call, I'll...
CVE-2021-47480
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is...
CVE-2021-47480
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SCSI host instance is...
CVE-2023-52854
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padatafreeshell In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01 function call, I'll...
CVE-2023-52854
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padatafreeshell In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01 function call, I'll...
CVE-2023-52854 padata: Fix refcnt handling in padata_free_shell()
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padatafreeshell In a high-load arm64 environment, the pcryptaead01 test in LTP can lead to system UAF Use-After-Free issues. Due to the lengthy analysis of the pcryptaead01 function call, I'll...
CVE-2021-47222
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...
CVE-2021-47222
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...
CVE-2021-47222
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...
CVE-2021-47222 net: bridge: fix vlan tunnel dst refcnt when egressing
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...
CVE-2024-26864
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864 tcp: Fix refcnt handling in __inet_hash_connect().
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864 tcp: Fix refcnt handling in __inet_hash_connect().
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864 tcp: Fix refcnt handling in __inet_hash_connect().
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in inethashconnect. syzbot reported a warning in sknullsdelnodeinitrcu. The commit 66b60b0c8c4a "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished." tried to fix an issue that a...
CVE-2024-26864
In CVE-2024-26864, the Linux kernel TCP path is affected by incorrect refcnt handling in __inet_hash_connect, tied to an issue reported by syzbot in sk_nulls_del_node_init_rcu. The referenced commit content explains that a prior fix intended to unhash sockets from ehash after tb2 allocation failu...