12 matches found
CVE-2025-68214
Summary (CVE-2025-68214): The Linux kernel timer subsystem had a race between timer_shutdown_sync() and timer_expire() that could trigger a WARN_ON_ONCE when a timer’s function pointer was cleared to NULL while the timer was still running. The root cause: timer_shutdown_sync() could detach the ti...
CVE-2023-4134
A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...
CVE-2024-44962
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel ca...
CVE-2024-44962
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel ca...
CVE-2024-44962
The CVE affects the Linux kernel Bluetooth btnxpuart driver. Root cause: when unloading btnxpuart, a timer is not reliably shut down, so if the timer is modified during unload it may fire and invoke the timer callback after the driver is gone, causing a kernel panic. The fix is to replace del_tim...
CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdttrigger When the cpu5wdt module is removing, the origin code uses deltimer to de-activate the timer. If the timer handler is running, deltimer could not stop it and wil...
CVE-2024-35887
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25dsdeltimer When the ax25 device is detaching, the ax25devdevicedown calls ax25dsdeltimer to cleanup the slavetimer. When the timer handler is running, the ax25dsdeltimer that calls...
CVE-2024-35887
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25dsdeltimer When the ax25 device is detaching, the ax25devdevicedown calls ax25dsdeltimer to cleanup the slavetimer. When the timer handler is running, the ax25dsdeltimer that calls...
CVE-2024-35887 ax25: fix use-after-free bugs caused by ax25_ds_del_timer
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25dsdeltimer When the ax25 device is detaching, the ax25devdevicedown calls ax25dsdeltimer to cleanup the slavetimer. When the timer handler is running, the ax25dsdeltimer that calls...
CVE-2024-35887 ax25: fix use-after-free bugs caused by ax25_ds_del_timer
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25dsdeltimer When the ax25 device is detaching, the ax25devdevicedown calls ax25dsdeltimer to cleanup the slavetimer. When the timer handler is running, the ax25dsdeltimer that calls...
CVE-2023-52629
CVE-2023-52629 – Linux kernel use-after-free fixed Root cause: in switch_drv_remove(), the worker (flush_work) could be rescheduled by switch_timer, causing a use-after-free when the code frees psw after timer or worker cleanup. Consequence: a potentially exploitable use-after-free condition with...
CVE-2023-4134
A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...