Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a reference counting problem in the expect dump in ctnetlink, which could lead to a memory leak...

kernel: tipc: Fix use-after-free in tipc_conn_close()

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...

nvme: apple: fix device reference counting

...

Kernel: aoe: improper reference count leads to use-after-free vulnerability

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ctnetlink not properly handling reference counting during table dumps, which could lead to a memory leak...

Reference counting in php_request_shutdown causes Use-After-Free

...

kernel: tipc: Fix use-after-free in tipc_conn_close()

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...

AZL-73914 CVE-2024-58240 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

UBUNTU-CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

CVE-2024-58240

CVE-2024-58240: In the Linux kernel TLS subsystem, the vulnerability concerns separation of no-async decryption request handling from async paths, which simplifies handling when not using async. The description states this change resolves an issue and references a prior fix that mitigated a race ...

CVE-2024-58240 tls: separate no-async decryption request handling from async

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

Astra Linux – Vulnerability in Poppler

Poppler is a PDF rendering library. Versions prior to 25.06.0 used std::atomicint for reference counting. Since std::atomicint is only 32 bits in size, it is possible for the reference count to overflow, leading to a use-after-free. Version 25.06.0 addresses this issue...

PT-2025-39138

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the PSI Pressure Stall Information monitoring mechanism within the Linux kernel. The problem occurs when a file descriptor is accessed after it has...

UBUNTU-CVE-2025-38563

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is...

CVE-2025-38563 perf/core: Prevent VMA split of buffer mappings

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is...

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

DEBIAN-CVE-2025-38550

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc-idev in mlddeldelrec pmc-idev is still used in ip6mcclearsrc, so as mldcleardelrec does, the reference should be put after ip6mcclearsrc return...

UBUNTU-CVE-2025-38550

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc-idev in mlddeldelrec pmc-idev is still used in ip6mcclearsrc, so as mldcleardelrec does, the reference should be put after ip6mcclearsrc return...

CVE-2025-38550

CVE-2025-38550 is a Linux kernel issue in ipv6 multicast handling. The root cause is delaying the release of the reference to pmc->idev in mld_del_delrec(), while pmc->idev is also used by ip6_mc_clear_src(). The fix (as stated) is to put the reference after ip6_mc_clear_src() returns. The ...

Linux Distros Unpatched Vulnerability : CVE-2023-4049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free...