Filtered by vendor Linux Subscriptions
Filtered by product Acrn Subscriptions
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38612 1 Linux 2 Acrn, Linux Kernel 2024-12-19 9.8 Critical
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.
CVE-2024-38573 2 Linux, Redhat 4 Acrn, Linux Kernel, Enterprise Linux and 1 more 2024-12-19 7.5 High
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVE-2021-36148 1 Linux 1 Acrn 2024-11-21 7.8 High
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.
CVE-2021-36147 1 Linux 1 Acrn 2024-11-21 7.5 High
An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.
CVE-2021-36146 1 Linux 1 Acrn 2024-11-21 7.5 High
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
CVE-2021-36145 1 Linux 1 Acrn 2024-11-21 7.5 High
The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
CVE-2021-36144 1 Linux 1 Acrn 2024-11-21 7.5 High
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.
CVE-2021-36143 1 Linux 1 Acrn 2024-11-21 7.5 High
ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.
CVE-2019-18844 1 Linux 1 Acrn 2024-11-21 7.5 High
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.