Description
UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests.
net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead.
net/sched: sch_hfsc UAF.
use-after-free in sch_qfq network scheduler.
use after free in nvmet_tcp_free_crypto in NVMe.
inactive elements in nft_pipapo_walk.
out-of-bounds write in qfq_change_class function.
nf_tables: stack-out-of-bounds-read in nft_byteorder_eval().
IGB driver inadequate buffer size for frames larger than MTU.
ktls overwrites readonly memory pages when using function splice with a ktls socket as destination.
nfp: use-after-free in area_cache_get().
vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query.
Gather Data Sampling (GDS) side channel vulnerability.
null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip.
fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment.
use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c.