7 matches found
CVE-2024-39503
CVE-2024-39503 : Linux kernel netfilter ipset race in the list:set type (namespace cleanup vs. gc) has a confirmed fix. The issue was a race that could cause use-after-free by GC data being accessed after the set is destroyed. The patch changes destruction order: when destroying all sets, first r...
CVE-2024-26722
Technical details about CVE-2024-26722 (affected products, exact root cause, versions, impact, remediation) are not provided in the connected documents. Monitor for updated advisories for explicit fixes and affected platforms.
CVE-2024-26800
The CVE-2024-26800 entry concerns a Linux kernel TLS use-after-free in backlog decryption. Root cause: when crypto_aead_decrypt returns -EBUSY (not EINPROGRESS), tls_do_decryption waits for async decryptions, but if any completes with a failure, the code releases pages that may still be held by a...
CVE-2024-26792
CVE-2024-26792 : Linux kernel bug in btrfs snapshot creation can cause a double free of an anonymous device number. Root cause: during snapshot creation, anon_dev is allocated, later freed in nested calls, and if the transaction path fails, the same anon_dev may be freed again even if it has been...
CVE-2024-27411
CVE-2024-27411 relates to the Linux kernel nouveau driver (drm/nouveau). The vulnerability arises because two DMA buffers required for suspend/resume were deallocated after GPU init, which can cause kernel module errors and a system-wide rendering freeze on multi-GPU systems. The fix moves the de...
CVE-2024-46785
CVE-2024-46785 affects the Linux kernel, specifically an issue in eventfs relating to SRCU-protected lists. The root cause is a NULL pointer access in tracefs when ei_child can be set to LIST_POISON1 after removal in eventfs_remove_rec, leading to a crash/panic. The vulnerability materializes whe...
CVE-2026-31533
The CVE-2026-31533 entry concerns a Linux kernel net/tls use-after-free in tls_do_encryption() when crypto_aead_encrypt() returns -EBUSY. The underlying issue is double cleanup of encrypt_pending and the scatterlist entry due to distinct cleanup paths (async callback tls_encrypt_done() vs synchro...