7 matches found
CVE-2025-21631
CVE-2025-21631 is a Linux kernel UAF issue in the bfq I/O scheduler. The vulnerability arises from a use-after-free involving waker_bfqq after bfq_split_bfqq, leading to slab-use-after-free in bfq_init_rq as shown by the KASAN report. Affected code paths include bfq-iosched.c: bfq_init_rq/bfq_ins...
CVE-2024-53097
CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...
CVE-2024-53042
CVE-2024-53042 affects the Linux kernel’s ipv4/ip_tunnel code. The issue arises from paths where ip_tunnel_init_flow() is invoked without holding the RCU read lock, triggering a suspicious RCU usage warning. The fix uses l3mdev_master_upper_ifindex_by_index() to acquire the RCU read lock before c...
CVE-2024-50249
Mode C: Concrete details found. The CVE-2024-50249 issue in the Linux kernel arises from a lock-ordering problem in the CPPC/ACPI code: sugov_update_shared acquires a raw_spinlock while cpc_write holds a regular spinlock on cpc_ptr->rmw_lock, potentially causing a deadlock. The remediation is ...
CVE-2025-22050
The CVE-2025-22050 entry concerns the Linux kernel USB networking path. A race between usb_submit_urb and __usbnet_queue_skb occurs due to a missing usbnet_going_away check in usb_submit_urb, while __usbnet_queue_skb performs this validation. This can let a URB proceed while the corresponding SKB...
CVE-2025-39806
CVE-2025-39806 refers to a slab-out-of-bounds access in the Linux kernel HID multitouch path, specifically in mt_report_fixup(). An attacker could trigger this when a HID report descriptor is smaller than 607 bytes; mt_report_fixup() patches at offset 607 without validating descriptor length, lea...
CVE-2026-43145
The CVE-2026-43145 issue is in the Linux kernel remoteproc imx_rproc driver. The function imx_rproc_elf_find_loaded_rsc_table() could incorrectly report a loaded resource table when the firmware provided no resource table, because it returning priv->rsc_table even if rproc->table_ptr was NU...