Alexey Khoroshilov

Researcher fromLinux Verification Center
#14242of 53,635
18.8Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2024-7322
5.5
2024-02-11
Linux · Linux Kernel · CVE-2024-26722
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a deadlock in the `rt5645 jack detect work()` function, where the `rt5645->jd mutex` is left locked forever, potentially leading to a deadlock when `rt5645 jack detect work()` is called for the second time. This may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-7475
5.5
2022-03-05
Linux · Linux Kernel · CVE-2022-48863
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `dsp pipeline build()` function in the mISDN component of the Linux kernel. It involves the allocation of a `dup` pointer by `kstrdup(cfg)`, which is then updated by `strsep(&dup, "|")`. As a result, when `kfree(dup)` is called, the `dup` variable contains NULL, leading to a memory leak. This could potentially allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-7428
7.8
2022-02-16
Linux · Linux Kernel · CVE-2022-48783
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the `gswip remove()` function of the Lantiq / Intel GSWIP driver in the Linux kernel. This vulnerability is associated with the reuse of previously freed memory. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is located in the `drivers/net/dsa/lantiq gswip.c` module. Technical details about exploitation include the incorrect order of operations, specifically that `of node put(priv->ds->slave mii bus->dev.of node)` should be done before `mdiobus free(priv->ds->slave mii bus)`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.