A memory corruption vulnerability exists in the Linux kernel's MSM display port driver that occurs when more than eight display bridges are connected, allowing local attackers with low privileges to corrupt kernel memory beyond a fixed-size array. The vulnerability affects Linux kernel versions up to 6.1-rc2 and requires local access to exploit, with no known active exploitation in the wild (not in KEV) and a very low EPSS score of 0.02% indicating minimal real-world exploitation likelihood.
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in midcomms commit While working on processing dlm message in softirq context I experienced the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues The hctx's run_work may be racing with the elevator switch when. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A race condition vulnerability exists in the Linux kernel's parisc architecture-specific firmware call pdc_iodc_print() that allows local attackers to cause buffer overflows and potentially execute arbitrary code. The vulnerability affects Linux kernel versions from 2.6.25 through versions before the patched releases, requiring local access with low privileges to exploit. With an EPSS score of only 0.01%, this vulnerability has very low exploitation likelihood in the wild despite its high CVSS score of 7.8.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.