kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

MAL-2025-35047 Malicious code in test-mlw2-ceded-cooed-stewy-waker (npm)

The package test-mlw2-ceded-cooed-stewy-waker was found to contain malicious code...

MAL-2025-36599 Malicious code in test-mlw2-waker-kranz (npm)

The package test-mlw2-waker-kranz was found to contain malicious code...

Malicious code in test-mlw2-waker-kranz (npm)

The package test-mlw2-waker-kranz was found to contain malicious code...

Malicious code in test-mlw2-ceded-cooed-stewy-waker (npm)

The package test-mlw2-ceded-cooed-stewy-waker was found to contain malicious code...

SUSE CVE-2025-38393

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

...

SUSE CVE-2025-21631

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

SUSE CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

AZL-50850 CVE-2024-49854 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

DEBIAN-CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

UBUNTU-CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

kernel: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

GHSA-P9M5-3HJ7-CP5R futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

GHSA-R93V-9P5Q-VHPF futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

CVE-2020-35907

An issue was discovered in the futures-task crate before 0.3.5 for Rust. futurestask::noopwakerref allows a NULL pointer dereference...

CVE-2020-35906

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futurestask::waker may cause a use-after-free in a non-static type situation...

Rust Code Issues Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A code issue vulnerability exists in Rust futures-task crate before 0.3.5, which stems from a noop waker ref that allows null pointer dereferencing...