954 matches found
CVE-2022-49407
CVE-2022-49407 concerns the Linux kernel, in the dlm subsystem, where an invalid read could occur when mis-casting between plock_op and plock_xop structures during lock/file operations. The root cause was a misplacement of a field (the callback) that allowed an unsafe cast, enabling a read of fie...
CVE-2022-49407 dlm: fix plock invalid read
In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read shown by KASAN. An unlock will allocate a "struct plock_op" and a followed send_op will append it to a global send_list data structure. In some cases a followed dev_read...
CVE-2022-49407
In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read shown by KASAN. An unlock will allocate a "struct plock_op" and a followed send_op will append it to a global send_list data structure. In some cases a followed dev_read...
CVE-2022-49397 phy: qcom-qmp: fix struct clk leak on probe errors
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error e.g. probe deferral...
CVE-2022-49397
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error e.g. probe deferral...
CVE-2022-49320
The CVE-2022-49320 entry concerns the Linux kernel dmaengine for ZynqMP DMA. The root cause is an overflow risk in zynqmp_dma_alloc/free_chan_resources where 32-bit operands are used in size calculations (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS). The fix changes the desc_size data type to s...
CVE-2022-49221
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and...
CVE-2022-49076 RDMA/hfi1: Fix use-after-free bug for mm struct
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister then drops the last reference and the mm ...
CVE-2022-49076
CVE-2022-49076 concerns the Linux kernel RDMA/hfi1 subsystem. The issue is a use-after-free in the mm struct lifecycle: under certain conditions (e.g., MPI_Abort), hfi1_mmu_rb_unregister() may drop the last reference to a task mm, freeing it before its final use in hfi1_release_user_pages. This c...
CVE-2022-49076
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister then drops the last reference and the mm ...
Linux io_uring Use-After-Free
The Linux kernel suffers from a use-after-free of struct io_ev_fd because io_eventfd_do_signal frees an object when the refcount reaches zero without waiting for the required grace period. Summary: UAF of struct io_ev_fd because io_eventfd_do_signal frees an object when the refcount reaches zero without...
CVE-2025-24904
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and m...
PT-2025-7541
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for this issue Description A memory corruption issue exists due to incorrect handling of control transfer buffer sizes in the usb: cdc-acm module. When the first fragment is...
CVE-2025-24904
CVE-2025-24904 affects libsignal-service-rs, a Rust port of libsignal-service-java. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or malicious client, potentially bypassing end-to-end encryption and authentication. The fix is in ...
DEBIAN-CVE-2024-57945
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAP_START - phys_ram_base PAGE_SHIFT. And the struct page's va can be calculated with ...
CVE-2024-57945
CVE-2024-57945 (Linux kernel, riscv): In the sparse vmemmap model, an out-of-bounds virtual address could be computed for struct page if the first page in the phys_ram_base section does not have the expected PFN, causing VA to fall below VMEMMAP_START (and PCI_IO_END) during page initialization. ...
CVE-2024-57905
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample unsigned int and the timestamp. This hole is...
SUSE CVE-2024-57909
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...