Vulnerabilities > Linux > Linux Kernel > 6.7.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-01 | CVE-2024-26653 | Double Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: misc: ljca: Fix double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function ljca_auxdev_release calls kfree(auxdev->dev.platform_data) to free the parameter data of the function ljca_new_client_device. | 7.8 |
| 2024-04-01 | CVE-2024-26654 | Use After Free vulnerability in multiple products In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. | 7.0 |
| 2024-03-27 | CVE-2024-26651 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. | 5.5 |
| 2024-03-21 | CVE-2024-26642 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. | 5.5 |
| 2024-03-21 | CVE-2024-26643 | Improper Locking vulnerability in multiple products In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. | 5.5 |
| 2024-03-13 | CVE-2024-26630 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. | 7.1 |
| 2024-03-04 | CVE-2024-26622 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. | 7.8 |
| 2024-02-11 | CVE-2024-1151 | Out-of-bounds Write vulnerability in multiple products A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. | 5.5 |
| 2024-02-05 | CVE-2024-24857 | Integer Overflow or Wraparound vulnerability in multiple products A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. | 6.8 |
| 2024-02-05 | CVE-2024-24858 | Race Condition vulnerability in multiple products A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. | 5.3 |