3215 matches found
CVE-2022-49059
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...
UBUNTU-CVE-2022-49059
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...
UBUNTU-CVE-2022-49149
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to handle various timed events relating to a call. This timer can get started from the packet input routines that are run in softirq...
CVE-2024-13113 Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS
The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2024-13113 Countdown Timer for Elementor < 1.3.7 - Contributor+ Stored XSS
The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2022-49555
The CVE-2022-49555 issue affects the Linux kernel’s Bluetooth hci_qca path. The root cause is use of del_timer() before freeing a timer, risking timer-list corruption; the fix applies del_timer_sync() before freeing and adjusts wake_retrans_timer/work queue destruction by moving the workqueue des...
CVE-2022-49555 Bluetooth: hci_qca: Use del_timer_sync() before freeing
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling deltim...
CVE-2022-49555 Bluetooth: hci_qca: Use del_timer_sync() before freeing
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling deltim...
CVE-2022-49555
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling deltim...
CVE-2022-49430
The CVE-2022-49430 entry affects the Linux kernel in the gpio_keys controller. The issue arises from canceling a delayed work handle when the gpio_keys module unloads and an interrupt pin is used instead of GPIO; the module initializes delayed work only for GPIO-backed paths and not for interrupt...
CVE-2022-49430 Input: gpio-keys - cancel delayed work only in case of GPIO
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - cancel delayed work only in case of GPIO gpiokeys module can either accept gpios or interrupts. The module initializes delayed work in case of gpios only and is only used if debounce timer is not used, so make...
CVE-2022-49387 watchdog: rzg2l_wdt: Fix 32bit overflow issue
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 32bit overflow issue The value of timercycleus can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so...
CVE-2022-49387 watchdog: rzg2l_wdt: Fix 32bit overflow issue
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 32bit overflow issue The value of timercycleus can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so...
CVE-2022-49387 watchdog: rzg2l_wdt: Fix 32bit overflow issue
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 32bit overflow issue The value of timercycleus can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so...
CVE-2022-49387
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fix 32bit overflow issue The value of timercycleus can be 0 due to 32bit overflow. For eg:- If we assign the counter value "0xfff" for computing maxval. This patch fixes this issue by appending ULL to 1024, so...
CVE-2022-49315 drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllibbeaconsstop There is a deadlock in rtllibbeaconsstop, which is shown below: Thread 1 | Thread 2 | rtllibsendbeacon rtllibbeaconsstop | modtimer spinlockirqsave //1 | wait a time...
CVE-2022-49315 drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fix deadlock in rtllibbeaconsstop There is a deadlock in rtllibbeaconsstop, which is shown below: Thread 1 | Thread 2 | rtllibsendbeacon rtllibbeaconsstop | modtimer spinlockirqsave //1 | wait a time...
CVE-2022-49315
CVE-2022-49315 concerns a deadlock in the Linux kernel, specifically in the staging driver rtl8192e (rtllib_beacons_stop). The issue arises when rtllib_beacons_stop() holds ieee->beacon_lock while calling del_timer_sync(), while the timer handler (rtllib_send_beacon_cb) needs the same lock, ca...
CVE-2022-49313 drivers: usb: host: Fix deadlock in oxu_bus_suspend()
In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxubussuspend There is a deadlock in oxubussuspend, which is shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | wait a time ... | oxuwatchdog deltimersync...
CVE-2022-49313 drivers: usb: host: Fix deadlock in oxu_bus_suspend()
In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxubussuspend There is a deadlock in oxubussuspend, which is shown below: Thread 1 | Thread 2 | timeraction oxubussuspend | modtimer spinlockirq //1 | wait a time ... | oxuwatchdog deltimersync...