296,213
Total vulnerabilities in the database
In the Linux kernel, the following vulnerability has been resolved:
EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info
The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug.
Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.2-rc1 | 6.2-rc1.x |
| linux / linux_kernel | 6.2-rc2 | 6.2-rc2.x |
| linux / linux_kernel | 6.2-rc3 | 6.2-rc3.x |
| linux / linux_kernel | 6.2-rc4 | 6.2-rc4.x |
| linux / linux_kernel | 6.2-rc5 | 6.2-rc5.x |
| linux / linux_kernel | 5.11 | 5.15.91 |
| linux / linux_kernel | 4.20 | 5.4.231 |
| linux / linux_kernel | 5.5 | 5.10.166 |
| linux / linux_kernel | 5.16 | 6.1.9 |