PT-2025-40227

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation where a race condition can occur during device suspension. Specifically, if hci unregister dev frees the hci dev object while...

kernel: firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...

USN-6009-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

K42745412: Linux kernel vulnerability CVE-2020-25221

Security Advisory Description getgatepage in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page. The result is a refcount underflow. This can ...

SUSE CVE-2017-8925

The omninetopen function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service tty exhaustion by leveraging reference count mishandling...

SUSE CVE-2017-12190

The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bioaddpcpage function merges them into one, but the page reference is never dropped. This...

SUSE CVE-2017-17564

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode...

SUSE CVE-2020-11935

It was discovered that aufs improperly managed inode reference counts in the vfsubdentryopen method. A local attacker could use this vulnerability to cause a denial of service attack...

SUSE CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the onstreamio function and dnsstreamcomplete function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...

SUSE CVE-2022-2928

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

SUSE CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a...

CVE-2023-0240

A logic error was found in the iouring subsystem of the Linux kernel. This issue occurs due to an incorrect assumption that the last iograbidentity call could not return false in the ioprepasyncwork function, leading to reference counting issues and a use-after-free issue. This could allow a loca...

CVE-2023-0240

There is a logic error in iouring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the ioprepasyncwork function the assumption that the last iograbidentity call cannot return false is not true, and in this case the function will use...

PT-2025-13327

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the drm/i915 component. The issue concerned broken reference counting around the request object when GuC support was add...

GSD-2023-1000553 media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: adopts refcnt to avoid UAF This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

USN-5793-4: Linux kernel (IBM) vulnerabilities

It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...

USN-5793-3: Linux kernel vulnerabilities

It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...

USN-5793-2: Linux kernel (Azure) vulnerabilities

It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3910 ...

LSN-0090-1: Kernel Live Patch Security Notice

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman and Billy Jheng Bing Jhong discovered that a...

USN-5708-1: backport-iwlwifi-dkms vulnerabilities

Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-41674 Sönke Hust...