68528 matches found
CVE-2025-39842
In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2deleteosb, ocfs2journalshutdown has already been executed in ocfs2dismountvolume, so osb-journal must be NULL. Therefore, the following calltrace wil...
CVE-2025-39844
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...
CVE-2025-39843
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in settrackprepare settrackprepare can incur lock recursion. The issue is that it is called from hrtimerstartrangens holding the percpuhrtimerbasesn.lock, but when enabled CONFIGDEBUGOBJECTSTIMERS,...
CVE-2025-39845
In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernelmappings Define ARCHPAGETABLESYNCMASK and archsynckernelmappings to ensure page tables are properly synchronized when calling pdpopulatekernel. For 5-level paging,...
CVE-2025-39839
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadvncskbdecodepacket trusts codedlen and checks only against skb-len. XOR starts at sizeofstruct batadvunicastpacket, reducing payload headroom, and the source skb length...
CVE-2025-39865
In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in teeshmput teeshmput have NULL pointer dereference: opteedisableshmcache -- shm = regpairtoptr...;//shm maybe return NULL teeshmfreeshm; -- teeshmputshm;//crash Add check in teeshmput to fix it...
CVE-2025-39857
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...
CVE-2025-39840
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in auditcomparednamepath When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / e.g., creating /a, an out-of-bounds read can occur in...
CVE-2025-39854
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx-inuse in icelltsintr Recent versions of the E810 firmware have support for an extra interrupt to handle report of the "low latency" Tx timestamps coming from the specialized low latency firmware...
CVE-2025-39862
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211restarthw. Set wcid-sta = 0 for each wcid entry i...
CVE-2025-39852
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 When tcpaocopyallmatching fails in tcpv6synrecvsock it just exits the function. This ends up causing a memory-leak: unreferenced object 0xffff0000281a8200 size...
CVE-2025-39860
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2capsockcleanuplisten syzbot reported the splat below without a repro. In the splat, a single thread calling btacceptdequeue freed sk and touched it after that. The root cause would be the racy...
CVE-2025-39863
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work The brcmfbtcoexdetach only shuts down the btcoex timer, if the flag timeron is false. However, the brcmfbtcoextimerfunc, which runs as timer handler, sets...
CVE-2025-39856
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix null pointer dereference for ndev In the TX completion packet stage of TI SoCs with CPSW2G instance, which has single external ethernet port, ndev is accessed without being initialized if no...
CVE-2025-39841
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the...
CVE-2025-39848
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...
CVE-2025-39837
In the Linux kernel, the following vulnerability has been resolved: platform/x86: asus-wmi: Fix racy registrations asuswmiregisterdriver may be called from multiple drivers concurrently, which can lead to the racy list operations, eventually corrupting the memory and hitting Oops on some ASUS...
CVE-2025-39864
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmpbss Following bssfree quirk introduced in commit 776b3580178f "cfg80211: track hidden SSID networks properly", adjust cfg80211updateknownbss to free the last beacon frame elements only if...
CVE-2025-39849
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in cfg80211connectresult If the ssid-datalen is more than IEEE80211MAXSSIDLEN 32 it would lead to memory corruption so add some bounds checking...
CVE-2025-39853
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty listfirstentry never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced. Fi...
CVE-2025-39866
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when markinodedirty get the bdiwriteback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted...
CVE-2025-39858
In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fix ISERR vs NULL check bug in mlx4encreaterxring Replace NULL check with ISERR check after calling pagepoolcreate since this function returns error pointers ERRPTR. Using NULL check could lead to invalid pointer...
CVE-2025-39851
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learning is disabled...
CVE-2025-39861
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhcirelease, before associated data structures ar...
CVE-2025-9906
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .keras model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
CVE-2025-9905
The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.loadmodel, will trigger arbitrary code to be executed. This is achieved by crafting a special...
CVE-2025-59692
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software e.g., UFW,...
CVE-2025-59691
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In th...
CVE-2025-47906
If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...
CVE-2023-53420
In the Linux kernel, the following vulnerability has been resolved: ntfs: Fix panic about slab-out-of-bounds caused by ntfslistxattr Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in ntfslistea fs/ntfs3/xattr.c:191 inline BUG: KASAN: slab-out-of-bounds in ntfslistxattr+0x401/0x5...
CVE-2023-53440
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...
CVE-2022-50406
In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8 Buffer I/O error on dev...
CVE-2023-53435
In the Linux kernel, the following vulnerability has been resolved: cassini: Fix a memory leak in the error handling path of casinitone cassaturnfirmwareinit allocates some memory using vmalloc. This memory is freed in the .remove function but not it the error handling path of the probe. Add the...
CVE-2022-50416
In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450aicofinit If ofiomap failed, 'aic' should be freed before return. Otherwise there is a memory leak...
CVE-2023-53426
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xskdiag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xskdiag interface is used after the socket has been unbound from the device. This can happen either due to the socket...
CVE-2023-53439
In the Linux kernel, the following vulnerability has been resolved: net: skbpartialcsumset fix against transport header magic value skb-transportheader uses the special 0xFFFF value to mark if the transport header was set or not. We must prevent callers to accidentaly set skb-transportheader to...
CVE-2023-53419
In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcuprinttaskexpstall -exptasks access For kernels built with CONFIGPREEMPTRCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcupreemptdeferredqsirqrestore rcuprinttaskexpstall if...
CVE-2023-53422
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory leak in debugfs Fix a memory leak that occurs when reading the fwinfo file all the way, since we return NULL indicating no more data, but don't free the status tracking object...
CVE-2022-50409
In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's skwq in skstreamwaitmemory Fixes the below NULL pointer dereference: ... 14.471200 Call Trace: 14.471562 14.471882 lockacquire+0x245/0x2e0 14.472416 ? removewaitqueue+0x12/0x50 14.473014 ?...
CVE-2022-50418
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11kmhiregister mhialloccontroller allocates a memory space for mhictrl. When gets some error, mhictrl should be freed with mhifreecontroller. But when ath11kmhireadaddrfromdt...
CVE-2022-50419
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times deviceadd shall not be called multiple times as stated in its documentation: 'Do not call this routine or deviceregister more than once for any device structure...
CVE-2023-53436
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible memory leak if deviceadd fails If deviceadd returns error, the name allocated by devsetname needs be freed. As the comment of deviceadd says, putdevice should be used to give up the reference in the error...
CVE-2023-53431
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 "scsi: ses: Don't attach if enclosure has no components" and introduces proper handling of case where there are no detected...
CVE-2023-53427
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, the MR recovery work not initialized and list not cleared. Then will be warning and UAF when release the MR: WARNING: CPU: 4 PID: 824 at...
CVE-2023-53445
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtrrecvmsg Syzbot reported a bug as following: refcountt: addition on 0; use-after-free. ... RIP: 0010:refcountwarnsaturate+0x17c/0x1f0 lib/refcount.c:25 ... Call Trace: refcountadd...
CVE-2023-53437
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link...
CVE-2023-53438
In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC is delivered for poison consumption errors. Therefore,...
CVE-2022-50407
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stack overflow by fuzz test. The maximum length of the qos configuration buffer is 256 bytes. Currently, the value of the 'val buffer' i...
CVE-2022-50404
In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: release buffer when fbcondosetfont failed syzbot is reporting memory leak at fbcondosetfont 1, for commit a5a923038d70 "fbdev: fbcon: Properly revert changes when vcresize failed" missed that the buffer might be new...
CVE-2023-53429
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in extentwritepage extentwritepage currenly sets PageError whenever any error happens, and the also checks for PageError to decide if to call error handling. This leads to very unclear responsibility...