7 matches found
CVE-2024-53097
CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...
CVE-2024-49864
CVE-2024-49864 (Linux kernel, rxrpc) : A race existed between rxrpc_open_socket() creating the UDP socket and the I/O thread that handles it, allowing a UDP packet to arrive at rxrpc_encap_rcv() before the I/O thread exists, which could cause an oops when waking the not-yet-created thread. The qu...
CVE-2024-53207
CVE-2024-53207 affects the Linux kernel Bluetooth subsystem (MGMT) and fixes a potential deadlock caused by hci_cmd_sync_dequeue, which could lead to hung tasks (e.g., kworker stuck at high load). The connected unpatched document provides an example traceback showing a deadlock scenario but does ...
CVE-2025-38124
CVE-2025-38124 affects the Linux kernel UDP GSO fraglist handling. The vulnerability arises when a frag_list GSO skb has part of its payload pulled into head_skb, causing the frag_list SKBs to lose their expected geometry and triggering a failure in skb_segment. The description specifies the inva...
CVE-2024-50097
CVE-2024-50097 is resolved in OpenSUSE kernel-devel-longterm-6.12.11-1.1 on GA media. The issue in the Linux kernel’s fec driver could panics when saving PTP state if PTP is unsupported; the fix guards fec_ptp_save_state behind a PTP-support check, preventing the unconditional state save. Technic...
CVE-2024-53186
The CVE-2024-53186 detail describes a Linux kernel race in ksmbd SMB request handling that can cause a use-after-free (UAF). Specifically, ksmbd_conn_handler_loop() waits for conn->r_count to reach zero, while handle_ksmbd_work() decrements r_count and may free conn via ksmbd_conn_free(). Afte...
CVE-2026-53293
CVE-2026-53293 : In the Linux kernel’s AMDGPU driver, the AMDGPU_INFO_READ_MMR_REG path had multiple issues: an incorrect order between the reset semaphore and the mm_lock (e.g., copy_to_user was called while holding the lock), memory allocation while holding the reset semaphore (risking deadlock...