Vulnerabilities > Use After Free
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-50124 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list. | 7.8 |
| 2024-11-05 | CVE-2024-50125 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. | 7.8 |
| 2024-11-05 | CVE-2024-50126 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. | 7.8 |
| 2024-11-05 | CVE-2024-50127 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). | 7.8 |
| 2024-11-05 | CVE-2024-50130 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric says: It seems that bpf was able to defer the __nf_unregister_net_hook() after exit()/close() time. Perhaps a netns reference is missing, because the netns has been dismantled/freed already. bpf_nf_link_attach() does : link->net = net; But I do not see a reference being taken on net. Add such a reference and release it after hook unreg. Note that I was unable to get syzbot reproducer to work, so I do not know if this resolves this splat. | 7.8 |
| 2024-11-04 | CVE-2024-33029 | Use After Free vulnerability in Qualcomm products Memory corruption while handling the PDR in driver for getting the remote heap maps. | 6.7 |
| 2024-11-04 | CVE-2024-33033 | Use After Free vulnerability in Qualcomm products Memory corruption while processing IOCTL calls to unmap the buffers. | 7.8 |
| 2024-11-04 | CVE-2024-33068 | Use After Free vulnerability in Qualcomm products Transient DOS while parsing fragments of MBSSID IE from beacon frame. | 6.5 |
| 2024-11-04 | CVE-2024-38415 | Use After Free vulnerability in Qualcomm products Memory corruption while handling session errors from firmware. | 7.8 |
| 2024-11-04 | CVE-2024-38419 | Use After Free vulnerability in Qualcomm products Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | 7.8 |