164 matches found
CVE-2025-68617
CVE-2025-68617 – FluidSynth: A race condition during unloading of a DLS file can trigger a heap-based use-after-free in FluidSynth versions 2.5.0 to before 2.5.2. If a DLS unload is concurrent with synthesizer destruction or if samples from the unloaded DLS are used by active voices, freed memory...
CVE-2025-68617 Use after free in fluidsynth
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...
PT-2025-52858
Name of the Vulnerable Software and Affected Versions FluidSynth versions 2.5.0 through 2.5.1 Description FluidSynth, a software synthesizer based on the SoundFont 2 specifications, contains a flaw. A race condition during the unloading of a DLS file can lead to a heap-based use-after-free. This...
fluidsynth -- Use after free when using DLS files
The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...
CVE-2025-61664
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: EDAC/skxcommon: Fixed the general protection fault. After loading i10nmedac which automatically loads skxedaccommon, if only i10nmedac is unloaded, then reloading it and performing error injection testing may cause a general...
EUVD-2022-54997
In the Linux kernel, the following vulnerability has been resolved: ptp: unregister virtual clocks when unregistering physical clock. When unregistering a physical clock which has some virtual clocks, unregister the virtual clocks with it. This fixes the following oops, which can be triggered by...
EUVD-2010-4012
Malware in sbrugna...
EUVD-2025-5161
Malicious code in bioql PyPI...
EUVD-2024-24108
Malicious code in bioql PyPI...
EUVD-2025-22664
Malicious code in bioql PyPI...
EUVD-2025-2646
Malicious code in bioql PyPI...
EUVD-2022-54486
Malicious code in bioql PyPI...
EUVD-2024-53193
Malicious code in bioql PyPI...
CVE-2023-53514 gpu: host1x: Fix memory leak of device names
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by devsetname need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in deviceinitialize has not be...
UBUNTU-CVE-2022-50378
In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: +0.006275 ============================================================= +0.000029 BUG: KASAN:...
PT-2025-38326
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.19.0-rc6 and earlier Description A use-after-free bug exists in the Linux kernel's drm/meson driver. Specifically, the driver deinitialization sequence was improperly ordered, leading to a use-after-free condition when...
SUSE CVE-2025-39833
In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...
AZL-67416 CVE-2025-39833 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...
CVE-2023-53291 rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfreescalethread threads after unloading rcuscale Running the 'kfreercutest' test case 1 results in a splat 2. The root cause is the kfreescalethread threads continue running after unloading the rcuscale module...