Vulnerabilities > Linux > Linux Kernel > 6.1.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-20 | CVE-2023-52438 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc->vma pointer isn't safe as it can race with munmap(). As of commit dd2283f2605e ("mm: mmap: zap pages with read mmap_sem in munmap") the mmap lock is downgraded after the vma has been isolated. I was able to reproduce this issue by manually adding some delays and triggering page reclaiming through the shrinker's debug sysfs. | 7.8 |
2024-02-20 | CVE-2023-52439 | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. | 7.8 |
2024-02-20 | CVE-2024-26581 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. | 7.8 |
2024-02-12 | CVE-2023-52429 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 5.5 |
2024-02-12 | CVE-2024-25739 | Improper Check for Unusual or Exceptional Conditions vulnerability in Linux Kernel create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | 5.5 |
2024-02-12 | CVE-2024-25740 | Memory Leak vulnerability in Linux Kernel A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | 5.5 |
2024-02-05 | CVE-2024-22386 | NULL Pointer Dereference vulnerability in Linux Kernel A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. | 4.7 |
2024-02-05 | CVE-2024-23196 | NULL Pointer Dereference vulnerability in Linux Kernel A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. | 4.7 |
2024-02-05 | CVE-2024-24855 | NULL Pointer Dereference vulnerability in Linux Kernel A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. | 4.7 |
2024-02-05 | CVE-2024-24857 | Integer Overflow or Wraparound vulnerability in Linux Kernel A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. | 6.8 |