CVE-2022-49287

CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...

CVE-2022-49287 tpm: fix reference counting for struct tpm_chip

In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a refcount warning: 1. Open device /dev/tpmrm. 2. Remove module tpmtisspi. 3. Write a TPM command to the file descriptor opened at ste...

CVE-2022-49287

In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a refcount warning: 1. Open device /dev/tpmrm. 2. Remove module tpmtisspi. 3. Write a TPM command to the file descriptor opened at ste...

CVE-2022-49212 mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmelnandcontrollerinit The reference counting issue happens in several error handling paths on a refcounted object "nc-dmac". In these paths, the function simply returns the error code,...

CVE-2022-49159

CVE-2022-49159 affects the Linux kernel SCSI driver qla2xxx (SRB refcounting). The issue arises from a race between the timeout path and the normal completion path, where qla24xx_async_abort_cmd() could access a freed sp->qpair pointer, risking a kernel NULL pointer dereference. The documented...

CVE-2022-49159 scsi: qla2xxx: Implement ref count for SRB

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00asynciocbtimeout starts to run it can be preempted by the normal response path via the firmware?. qla24xxasyncgpscspdone...

CVE-2021-47634 ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl Hulk Robot reported a KASAN report about use-after-free: ================================================================== BUG: KASAN: use-after-free in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ASoC mediatek driver not properly handling device node reference counting in the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from gic-v3 not properly handling node reference counting when populating PPI partitions, which could lead to a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from apple-aic not handling node reference counting correctly during initialization, which can be exploited by ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a reference counting issue in the atmelnandcontrollerinit function...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the reference counting handling of SRBs in the qla2xxx driver, which could result in a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling node reference counting after FLOGI and PLOGI failures, which could lead to null point...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a reference counting problem in the tpmchip structure...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the issue where memory was freed after a session was logged off by the user. There is an issue with the interaction between SMB2 session logging out and SMB2 session setup. This issue causes memory to be freed after ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cachefiles: All requests are flushed after setting CACHEFILESDEAD. In ondemand mode, when the daemon is processing an open request, if the kernel marks the cache as CACHEFILESDEAD, the cachefilesdaemonwrite function will always...

The vulnerability of the udmabuf_vm_fault() function in the udmabuf driver (drivers/dma-buf/udmabuf.c) in Linux kernel allows a attacker to compromise data integrity or cause service failures.

The vulnerability of the udmabufvmfault function in the udmabuf driver drivers/dma-buf/udmabuf.c in Linux operating systems is related to a flaw in the counting of the number of references to pages stored in memory. Exploiting this vulnerability can allow an attacker to compromise data integrity ...

SUSE-SU-2025:0239-1 Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059164 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-48956...

CVE-2025-21655 io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period

In the Linux kernel, the following vulnerability has been resolved: iouring/eventfd: ensure ioeventfdsignal defers another RCU period ioeventfddosignal is invoked from an RCU callback, but when dropping the reference to the ioevfd, it calls ioeventfdfree directly if the refcount drops to zero. Th...

UBUNTU-CVE-2025-21652

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...