20 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: usbnet: Prevents “free active kevent” The root causes of this issue are as follows: 1. When probing the usbnet device and executing usbnetlinkchangedev, 0, 0, the kevent operation is placed in the global workqueue. However, th...
CVE-2022-49501 usbnet: Run unregister_netdev() before unbind() again
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...
CVE-2022-49501
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...
CVE-2022-49501 usbnet: Run unregister_netdev() before unbind() again
In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...
CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2022-48914 xen/netfront: destroy queues before real_num_tx_queues is zeroed
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2022-48914 xen/netfront: destroy queues before real_num_tx_queues is zeroed
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
CVE-2021-47479 staging: rtl8712: fix use-after-free in rtl8712_dl_fw
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712dlfw Syzbot reported use-after-free in rtl8712dlfw. The problem was in race condition between r871xudevremove -ndoopen callback. It's easy to see from crash log, that driver accesses...
CVE-2021-47235 net: ethernet: fix potential use-after-free in ec_bhf_remove
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ecbhfremove static void ecbhfremovestruct pcidev dev ... struct ecbhfpriv priv = netdevprivnetdev; unregisternetdevnetdev; freenetdevnetdev; pciiounmapdev, priv-dmaio; pciiounmapdev,...
Race condition
In the Linux kernel, the following vulnerability has been resolved: hamradio: defer ax25 kfree after unregisternetdev There is a possible race condition use-after-free like below USE | FREE ax25sendmsg | ax25queuexmit | devqueuexmit | devqueuexmit | devxmitskb | schdirectxmit | ... xmitone |...
CVE-2021-47084
Removed by vendor...
CVE-2023-52509 ravb: Fix use-after-free issue in ravb_tx_timeout_work()
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravbtxtimeoutwork The ravbstop should call cancelworksync. Otherwise, ravbtxtimeoutwork is possible to use the freed priv after ravbremove was called like below: CPU0 CPU1 ravbtxtimeout ravbremov...
CVE-2021-46970 bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove WQMEMRECLAIM flag from state workqueue A recent change created a dedicated workqueue for the state-change work with WQHIGHPRI no strong reason for that and WQMEMRECLAIM flags, but the state-change wor...
GSD-2022-1003371 usbnet: Run unregister_netdev() before unbind() again
usbnet: Run unregisternetdev before unbind again This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...
GSD-2022-1003071 usbnet: Run unregister_netdev() before unbind() again
usbnet: Run unregisternetdev before unbind again This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
Debian DLA-2843-1 : linux - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2843 advisory. - Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccpshctxccid object as a listene...
SUSE: Security Advisory (SUSE-SU-2021:3806-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-37159
hsofreenetdevice in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregisternetdev without checking for the NETREGREGISTERED state, leading to a use-after-free and a double free...