CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in security_read_state_kernel(). In this function, it directly returns the result of __security_read_policy without freeing the allocated memory in *data, causing a memory leak issue, so free the memory if __security_read_policy failed. [PM: subject line tweak] • https://git.kernel.org/stable/c/c877c5217145bda8fd95f506bf42f8d981afa57d

CVSS: 7.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry(). Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. • https://git.kernel.org/stable/c/2dabe6a872a5744865372eb30ea51e8ccd21305a • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted. Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = froze... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address. of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when it is not needed anymore. Add missing of_node_put() in the error path to avoid refcount leak. • https://git.kernel.org/stable/c/ce21b3c9648ae55181787bf25ee00cf91dfd5c91

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader. of_find_node_by_path() returns remote device node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. • https://git.kernel.org/stable/c/0afacde3df4c9980f505d9afd7cb0058389732ca

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock(). Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par-... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io(). In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides an improper value, the value of 'screen_size' may be larger than 'info->screen_size', which may cause the following bug: [ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000 [ 583.339049] #PF: supervisor write access in kernel mode [ 583... • https://git.kernel.org/stable/c/558b7bd86c32978648cda5deb5c758d77ef0c165

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io(). In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides an improper value, the value of 'screen_size' may be larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.39907... • https://git.kernel.org/stable/c/681e14730c73cc2c71af282c001de6bc71c22f00

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io(). In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides an improper value, the value of 'screen_size' may be larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #P... • https://git.kernel.org/stable/c/a268422de8bf1b4c0cb97987b6c329c9f6a3da4b

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails. When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If this is not taken care of, it could result in a use-after-free, as the value is exported via get_scpi_ops() and could refer to memory allocated via devm_kzalloc() but freed when the probe fails. • https://git.kernel.org/stable/c/5aa558232edc30468d1f35108826dd5b3ffe978f