954 matches found
CVE-2025-21919
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in childcfsrqonlist childcfsrqonlist attempts to convert a 'prev' pointer to a cfsrq. This 'prev' pointer can originate from struct rq's leafcfsrqlist, making the conversion invalid and...
CVE-2025-21959
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...
CVE-2025-21959 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree Since commit b36e4523d4d5 "netfilter: nfconncount: fix garbage collection confirm race", cpu and jiffies32 were introduced to the struct...
CVE-2025-21953
In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfsremove When on a MANA VM hibernation is triggered, as part of hibernatesnapshot, managdsuspend and managdresume are called. If during this managdresume, a failure occurs with HWC...
CVE-2025-21939
CVE-2025-21939 concerns the Linux kernel drm/xe/hmm path. The vulnerability stems from pnfs obtained via hmm_range_fault() referencing pages without holding the notifier lock, risking dereferencing struct page pointers and dirty/accessed marks. The fix builds the sg-table manually and maintains t...
CVE-2025-21919 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in childcfsrqonlist childcfsrqonlist attempts to convert a 'prev' pointer to a cfsrq. This 'prev' pointer can originate from struct rq's leafcfsrqlist, making the conversion invalid and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from nfconncount not fully initializing a struct member...
SUSE CVE-2023-52940
In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lrugenmigratemm assumes lrugenaddmm runs prior to itself. This isn't true for the following scenario: CPU 1 CPU 2 clone cgroupcanfork cgroupprocswrite cgrouppostfork tasklock...
CVE-2023-53010
In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen ... Call...
CVE-2023-53010 bnxt: Do not read past the end of test names
In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen ... Call...
CVE-2023-53010 bnxt: Do not read past the end of test names
In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen ... Call...
CVE-2023-53010
The CVE-2023-53010 vulnerability concerns the bnxt Ethernet driver in the Linux kernel. A buffer overread could occur from reading past the end of test names due to concatenation across an offset beyond the end of the first name, triggering the buffer overflow detection logic. The root cause was ...
CVE-2023-52973 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
CVE-2023-52973 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
CVE-2023-52973
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
Linux DRM Race Condition / Use-After-Free
Linux has an issue where drmfileupdatepid calls getpid too late, which creates a race condition that can lead to use-after-free of a struct pid. I am sending this to security@ and to the drm-misc maintainers - based on...
Linux 5.6 Cred Refcount Overflow
Linux 5.6 suffers from a cred refcount overflow at approximately 39 gigs of memory usage via iouring. see also my related prior bug reports about overflowing refcounts with lots of RAM usage: https://crbug.com/project-zero/809: BPF program refcount, with 32GiB RAM...
CVE-2025-21856
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to devicerelease in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calli...
CVE-2025-21856
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to devicerelease in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calli...
UBUNTU-CVE-2025-21856
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to devicerelease in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calli...