Page 34 of 15500 results (0.043 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b https://git.kernel.org/stable/c/5f092a4271f6dccf88fe0d132475a17b69ef71df https://git.kernel.org/stable/c/fd8ae346692a56b4437d626c5460c7104980f389 https://git.kernel.org/stable/c/eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1 https://git.kernel.org/stable/c/2a6a4e69f255b7aed17f93995691ab4f0d3c2203 https://git.kernel.org/stable/c/44d29897eafd0e1196453d3003a4d5e0b968eeab https://git.kernel.org/stable/c/b110196fec44fe966952004bd426967c2a8fd358 https://git.kernel.org/stable/c/5f970935d09934222fdef3d0e20c648ea • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. • https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278 https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96 https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399 • CWE-416: Use After Free •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. Their placement early in dup_mmap() only appears to have been meaningful for early error checking, and since functionally it'd require a very small allocation to fail (in practice 'too small to fail') that'd only occur in the most dire circumstances, meaning the fork would fail or be OOM'd in any case. Since both khugepaged and KSM tracking are there to provide optimisations to memory performance rather than critical functionality, it doesn't really matter all that much if, under such dire memory pressure, we fail to register an mm with these. As a result, we follow the example of commit d2081b2bf819 ("mm: khugepaged: make khugepaged_enter() void function") and make ksm_fork() a void function also. We only expose the mm to these functions once we are done with them and only if no error occurred in the fork operation. • https://git.kernel.org/stable/c/d2406291483775ecddaee929231a39c70c08fda2 https://git.kernel.org/stable/c/3b85aa0da8cd01173b9afd1f70080fbb9576c4b0 https://git.kernel.org/stable/c/985da552a98e27096444508ce5d853244019111f https://project-zero.issues.chromium.org/issues/373391951 •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. • https://git.kernel.org/stable/c/b471f2f1de8b816f1e799b80aa92588f3566e4bd https://git.kernel.org/stable/c/e8494ac079814a53fbc2258d2743e720907488ed https://git.kernel.org/stable/c/91afbc0eb3c90258ae378ae3c6ead3d2371e926d https://git.kernel.org/stable/c/590976f921723d53ac199c01d5b7b73a94875e68 https://git.kernel.org/stable/c/86c8ebe02d8806dd8878d0063e8e185622ab6ea6 https://git.kernel.org/stable/c/a035df0b98df424559fd383e8e1a268f422ea2ba https://git.kernel.org/stable/c/90a6e0e1e151ef7a9282e78f54c3091de2dcc99c https://git.kernel.org/stable/c/c4b4f9a9ab82238cb158fa4fe61a8c0ae • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. • https://git.kernel.org/stable/c/0a28bfd4971fd570d1f3e4653b21415becefc92c https://git.kernel.org/stable/c/872932cf75cf859804370a265dd58118129386fa https://git.kernel.org/stable/c/9f5ae743dbe9a2458540a7d35fff0f990df025cf https://git.kernel.org/stable/c/4614640f1d5c93c22272117dc256e9940ccac8e8 https://git.kernel.org/stable/c/f1e54d11b210b53d418ff1476c6b58a2f434dfc0 • CWE-416: Use After Free •