28 matches found
CVE-2024-56718
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work...
CVE-2024-56729 smb: Initialize cfid->tcon before performing network ops
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid-tcon before performing network ops Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cacheddirleasebreak and...
CVE-2024-56718 net/smc: protect link down work from execute after lgr freed
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work...
CVE-2024-56592
CVE-2024-56592 (Linux kernel) relates to BPF hash table management for maps. The vulnerability arises when a map element is freed while holding a bucket lock, triggering a lockdep warning due to bpf_map_fd_put_ptr() calling bpf_map_free_id() which acquires map_idr_lock. The fix defers free_htab_e...
CVE-2024-56581
CVE-2024-56581 affects the Linux kernel’s Btrfs code. The issue is a use-after-free in btrfs_ref_tree_mod() after inserting a new ref entry into a block entry’s rb-tree when an unexpected action (BTRFS_DROP_DELAYED_REF) is encountered. The error path freed the ref entry without removing it from t...
DEBIAN-CVE-2023-52730
In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...
GSD-2022-1007108 bpf: Fix reference state management for synchronous callbacks
bpf: Fix reference state management for synchronous callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...