6 matches found
CVE-2024-50027
CVE-2024-50027 is a Linux kernel Use-After-Free vulnerability in the thermal subsystem (thermal: core) where the tzp object could be accessed after freeing it in thermal_zone_device_unregister(). Miracle/OS advisory notes the fix moves the Free tzp copy to after the removal completes, preventing ...
CVE-2025-37750
CVE-2025-37750: Linux kernel SMB client UAF in decryption with multichannel resolved. After commits f7025d861694 and b0abcd65ec54, multiple cifsd threads could access the AEAD crypto context simultaneously, causing a use-after-free during decryption. The issue triggered KASAN reports (gf128mul_4k...
CVE-2024-53185
CVE-2024-53185 : In the Linux kernel, the SMB client could dereference a NULL pointer in crypto_aead_setkey() when negotiating encryption over SMB2/SMB3, due to @server->cipher_type not being set for SMB3.02. The fix adds a check to smb3_crypto_aead_allocate() and ensures cipher_type is set fo...
CVE-2024-56561
Technical details about CVE-2024-56561 are not provided in the connected documents. The initial description contains the kernel fix details but no public-facing specifics (affected products, versions, impact, or remediation) beyond that. Monitor for updates.
CVE-2025-38488
CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...
CVE-2026-43145
The CVE-2026-43145 issue is in the Linux kernel remoteproc imx_rproc driver. The function imx_rproc_elf_find_loaded_rsc_table() could incorrectly report a loaded resource table when the firmware provided no resource table, because it returning priv->rsc_table even if rproc->table_ptr was NU...