1000 matches found
kernel: md: fix mddev uaf while iterating all_mddevs list
A flaw was discovered in the Linux kernel’s MD multiple device subsystem during iteration over the allmddevs list in functions such as mdnotifyreboot and mdexit. The code used listforeachentrysafe, but released locks before completing reference counting, allowing concurrent deletion and freeing o...
CVE-2025-38235
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletbbacklight" backlight device reference counting During appletbkbdprobe, probe attempts to get the backlight device by name. When this happens backlightdevicegetbyname looks for a device in the backlig...
CVE-2025-38235 HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletbbacklight" backlight device reference counting During appletbkbdprobe, probe attempts to get the backlight device by name. When this happens backlightdevicegetbyname looks for a device in the backlig...
CVE-2025-38235
CVE-2025-38235: Linux kernel fix for appletb_kbd backlight reference counting leak. backlight_device_get_by_name increments ref count for android backlight named "appletb_backlight" and it is not released, causing a reference leak. The fix decrements the reference count on removal via put_device ...
CVE-2025-38235
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletbbacklight" backlight device reference counting During appletbkbdprobe, probe attempts to get the backlight device by name. When this happens backlightdevicegetbyname looks for a device in the backlig...
CVE-2025-38235 HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletbbacklight" backlight device reference counting During appletbkbdprobe, probe attempts to get the backlight device by name. When this happens backlightdevicegetbyname looks for a device in the backlig...
AZL-64743 CVE-2025-38180 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...
DEBIAN-CVE-2025-38180
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...
UBUNTU-CVE-2025-38180
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...
CVE-2025-38180 net: atm: fix /proc/net/atm/lec handling
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via std::atomicint in reference counting process. An attacker can execute arbitrary code or cause a denial of service by overflowing the reference count and triggering access to memory after it has been freed. Remediation...
CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
DEBIAN-CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
UBUNTU-CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2025-52886 Poppler Use After Free Vulnerability
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2025-52886 Poppler Use After Free Vulnerability
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2025-52886
CVE-2025-52886 – Poppler : In Poppler versions prior to 25.06.0, reference counting uses 32-bit std::atomic_int, which can overflow and cause a use-after-free. The issue is fixed in version 25.06.0 (upgrade to >=25.06.0). No exploitation details are provided beyond that, and the documents do n...
CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2025-52886 Poppler Use After Free Vulnerability
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp()
A vulnerability was found in the Linux kernel's SCSI libfc library in the fcexchabtsresp function, which can lead to a use-after-free scenario. This issue can occur because the function calls fcexchrelease, which decrements a reference count stored in the ep object and then frees the object once...