7 matches found
CVE-2024-50087
The connected Astra Linux advisory & the CVE entry describe a Linux kernel vulnerability in btrfs: read_alloc_one_name() may leave fscrypt_str.name uninitialized if kmalloc fails, so freeing fscrypt_str can access an uninitialized pointer. This is a local (L) issue with LOW initial access but HIG...
CVE-2024-50235
The CVE affects the Linux kernel wifi stack, specifically the cfg80211 path. The root cause is not clearing wdev->cqm_config on free during unregister, which enables a double-free if the same wdev/netdev is re-registered in another network namespace and destroyed later. The documented impact i...
CVE-2025-21979
CVE-2025-21979 affects the Linux kernel wifi stack (cfg80211). A wiphy_work can be queued as soon as the wiphy is allocated (wiphy_new_nm). If wiphy_free runs before the rdev::wiphy_work executes, the wiphy memory is freed and later accessed, leading to a use-after-free. The fix is to cancel the ...
CVE-2024-26752
CVE-2024-26752 affects the Linux kernel L2TP/IP6 path: a miscalculated ulen in l2tp_ip6_sendmsg (ulen = len + skb_queue_empty(...) ? transhdrlen : 0) due to operator precedence caused incorrect transport-header accounting, leading to corrupted packets on the wire. The fix adds parentheses to alig...
CVE-2024-50088
CVE-2024-50088 affects the Linux kernel’s Btrfs filesystem code. The issue is in add_inode_ref(), where a name struct is not initialized when declared; if read_one_inode() returns NULL for either parent or inode, name.name is freed during cleanup without being initialized. This uninitialized free...
CVE-2025-38382
CVE-2025-38382 corresponds to a Linux kernel (btrfs) issue fixed in the log replay extref iteration. The root cause was an uninitialized victim_name.len when we jump to the next loop iteration from __inode_add_ref() while processing extrefs, leading to invalid memory access. The fix initializes v...
CVE-2026-23025
CVE-2026-23025 : In the Linux kernel, drain_page_zone() could corrupt per-CPU pages (pcp) when an interrupt occurs and code path uses spin_lock(&pcp->lock) with SMP=n, because spin_trylock() may fail. The issue enables potential pcp structure corruption. The fix adds local wrappers that conver...