kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

Malicious code in test-mlw2-waker-kranz (npm)

The package test-mlw2-waker-kranz was found to contain malicious code...

Malicious code in test-mlw2-ceded-cooed-stewy-waker (npm)

The package test-mlw2-ceded-cooed-stewy-waker was found to contain malicious code...

MAL-2025-36599 Malicious code in test-mlw2-waker-kranz (npm)

The package test-mlw2-waker-kranz was found to contain malicious code...

MAL-2025-35047 Malicious code in test-mlw2-ceded-cooed-stewy-waker (npm)

The package test-mlw2-ceded-cooed-stewy-waker was found to contain malicious code...

SUSE CVE-2025-38393

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

...

SUSE CVE-2025-21631

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix wakerbfqq UAF after bfqsplitbfqq Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfqinitrq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task...

SUSE CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

AZL-50850 CVE-2024-49854 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

DEBIAN-CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

UBUNTU-CVE-2024-49854

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing wakerbfqq after splitting After commit 42c306ed7233 "block, bfq: don't break merge chain in bfqsplitbfqq", if the current procress is the last holder of bfqq, the bfqq can be freed after...

PT-2024-9953

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the dm cache component of the Linux kernel, specifically with the flush work function. It may cause an unexpected WARN ON when cache creation fails due to the...

kernel: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

GHSA-R93V-9P5Q-VHPF futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

GHSA-P9M5-3HJ7-CP5R futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

CVE-2020-35906

An issue was discovered in the futures-task crate before 0.3.6 for Rust. futurestask::waker may cause a use-after-free in a non-static type situation...

CVE-2020-35907

An issue was discovered in the futures-task crate before 0.3.5 for Rust. futurestask::noopwakerref allows a NULL pointer dereference...