Vulnerabilities > Linux > Linux Kernel > 5.4.291
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-29 | CVE-2024-56712 | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf. | 5.5 |
| 2024-10-29 | CVE-2024-50086 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SMB2_SESSION_EXPIRED and referece count to session struct not to free session while it is being used. | 7.0 |
| 2024-09-18 | CVE-2024-46742 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). | 5.5 |
| 2024-09-18 | CVE-2024-46774 | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. | 7.1 |
| 2023-06-12 | CVE-2023-3159 | Use After Free vulnerability in Linux Kernel A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. | 6.7 |
| 2023-05-08 | CVE-2023-2513 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. | 6.7 |
| 2023-04-20 | CVE-2023-2194 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. | 6.7 |
| 2022-12-18 | CVE-2022-47518 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel before 6.0.11. | 7.8 |
| 2022-12-18 | CVE-2022-47519 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel before 6.0.11. | 7.8 |
| 2022-12-18 | CVE-2022-47520 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.0.11. | 7.1 |