Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-QQWV-FWGC-V6CP

Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2025-11-26 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight

An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is recursively invoked in an attempt to locate an active sink device, ultimately leading to a stack overflow and system crash. Therefore, disable the replicator1 to break the infinite loop and prevent a potential stack overflow.

replicator1_out -> funnel_swao_in6 -> tmc_etf_swao_in -> tmc_etf_swao_out | | replicator1_in replicator_swao_in | | replicator0_out1 replicator_swao_out0 | | replicator0_in funnel_in1_in3 | | tmc_etf_out <- tmc_etf_in <- funnel_merg_out <- funnel_merg_in1 <- funnel_in1_out

[call trace] dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 dump_stack+0x18/0x28 panic+0x340/0x3b0 nmi_panic+0x94/0xa0 panic_bad_stack+0x114/0x138 handle_bad_stack+0x34/0xb8 __bad_stack+0x78/0x80 coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] ... coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight] coresight_enable_sysfs+0x80/0x2a0 [coresight]

side effect after the change: Only trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight\n\nAn infinite loop has been created by the Coresight devices. When only a\nsource device is enabled, the coresight_find_activated_sysfs_sink function\nis recursively invoked in an attempt to locate an active sink device,\nultimately leading to a stack overflow and system crash. Therefore, disable\nthe replicator1 to break the infinite loop and prevent a potential stack\noverflow.\n\nreplicator1_out   -\u003e   funnel_swao_in6   -\u003e   tmc_etf_swao_in   -\u003e  tmc_etf_swao_out\n     |                                                                     |\nreplicator1_in                                                     replicator_swao_in\n     |                                                                     |\nreplicator0_out1                                                   replicator_swao_out0\n     |                                                                     |\nreplicator0_in                                                     funnel_in1_in3\n     |                                                                     |\ntmc_etf_out \u003c- tmc_etf_in \u003c- funnel_merg_out \u003c- funnel_merg_in1 \u003c- funnel_in1_out\n\n[call trace]\n   dump_backtrace+0x9c/0x128\n   show_stack+0x20/0x38\n   dump_stack_lvl+0x48/0x60\n   dump_stack+0x18/0x28\n   panic+0x340/0x3b0\n   nmi_panic+0x94/0xa0\n   panic_bad_stack+0x114/0x138\n   handle_bad_stack+0x34/0xb8\n   __bad_stack+0x78/0x80\n   coresight_find_activated_sysfs_sink+0x28/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   ...\n   coresight_find_activated_sysfs_sink+0x5c/0xa0 [coresight]\n   coresight_enable_sysfs+0x80/0x2a0 [coresight]\n\nside effect after the change:\nOnly trace data originating from AOSS can reach the ETF_SWAO and EUD sinks.",
  "id": "GHSA-qqwv-fwgc-v6cp",
  "modified": "2025-11-26T18:31:01Z",
  "published": "2025-08-22T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38649"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a9aaadcb0a6ce0c19616c46525112bc947c6f2b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bd4f35786d5f0798cc1f8c187a81a7c998e6c58f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbe5be7893b8c7f58c999a26839cd30bc07654c6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QR43-43PM-FWH2

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2024-11-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item

There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T19:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item\n\nThere is no links_num in struct snd_soc_acpi_mach {}, and we test\n!link-\u003enum_adr as a condition to end the loop in hda_sdw_machine_select().\nSo an empty item in struct snd_soc_acpi_link_adr array is required.",
  "id": "GHSA-qr43-43pm-fwh2",
  "modified": "2024-11-01T18:31:27Z",
  "published": "2024-10-21T21:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50011"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5afc29ba44fdd1bcbad4e07246c395d946301580"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa3109ee91fe09e696274e6ac44813df8d13678f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRM9-MHJR-QFM7

Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16
VLAI
Details

An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-06T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allowed for an infinite loop (and php-fpm hang) within the Loops extension because egLoopsCountLimit is mishandled. This could lead to memory exhaustion.",
  "id": "GHSA-qrm9-mhjr-qfm7",
  "modified": "2022-05-24T19:16:38Z",
  "published": "2022-05-24T19:16:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42040"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/I0caf6f129f94612b5bcf406a171aa5ffedea1f80"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T287347"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-QRRC-56F8-GW3J

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Prevent tailcall infinite loop caused by freplace

There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace.

In an upcoming selftest, the attach target for entry_freplace of tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in entry_freplace leads to entry_tc. This results in an infinite loop:

entry_tc -> subprog_tc -> entry_freplace --tailcall-> entry_tc.

The problem arises because the tail_call_cnt in entry_freplace resets to zero each time entry_freplace is executed, causing the tail call mechanism to never terminate, eventually leading to a kernel panic.

To fix this issue, the solution is twofold:

  1. Prevent updating a program extended by an freplace program to a prog_array map.
  2. Prevent extending a program that is already part of a prog_array map with an freplace program.

This ensures that:

  • If a program or its subprogram has been extended by an freplace program, it can no longer be updated to a prog_array map.
  • If a program has been added to a prog_array map, neither it nor its subprograms can be extended by an freplace program.

Moreover, an extension program should not be tailcalled. As such, return -EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a prog_array map.

Additionally, fix a minor code style issue by replacing eight spaces with a tab for proper formatting.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47794"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T13:15:22Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n   prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n   with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n  it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n  subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
  "id": "GHSA-qrrc-56f8-gw3j",
  "modified": "2025-09-23T18:30:20Z",
  "published": "2025-01-11T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47794"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/987aa730bad3e1ef66d9f30182294daa78f6387d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6083f040d5d8f8d748462c77e90547097df936e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVH5-3XV2-RF6P

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-04T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.",
  "id": "GHSA-qvh5-3xv2-rf6p",
  "modified": "2022-05-13T01:53:53Z",
  "published": "2022-05-13T01:53:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9251"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=794914"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVJ7-29H2-6R54

Vulnerability from github – Published: 2025-01-15 15:31 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false.

#0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4

At this point, the pgdat contains the following two zones:

    NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: "DMA32"
      SIZE: 20480  MIN/LOW/HIGH: 11/28/45
      VM_STAT:
            NR_FREE_PAGES: 359
    NR_ZONE_INACTIVE_ANON: 18813
      NR_ZONE_ACTIVE_ANON: 0
    NR_ZONE_INACTIVE_FILE: 50
      NR_ZONE_ACTIVE_FILE: 0
      NR_ZONE_UNEVICTABLE: 0
    NR_ZONE_WRITE_PENDING: 0
                 NR_MLOCK: 0
                NR_BOUNCE: 0
               NR_ZSPAGES: 0
        NR_FREE_CMA_PAGES: 0

    NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: "Normal"
      SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264
      VM_STAT:
            NR_FREE_PAGES: 146
    NR_ZONE_INACTIVE_ANON: 94668
      NR_ZONE_ACTIVE_ANON: 3
    NR_ZONE_INACTIVE_FILE: 735
      NR_ZONE_ACTIVE_FILE: 78
      NR_ZONE_UNEVICTABLE: 0
    NR_ZONE_WRITE_PENDING: 0
                 NR_MLOCK: 0
                NR_BOUNCE: 0
               NR_ZSPAGES: 0
        NR_FREE_CMA_PAGES: 0

In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero.

Additionally, since this system lacks swap, the calculation of inactive/ active anonymous pages is skipped.

    crash> p nr_swap_pages
    nr_swap_pages = $1937 = {
      counter = 0
    }

As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark.

The problem is that the pgdat->kswapd_failures hasn't been incremented.

    crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures
    $1935 = 0x0

This is because the node deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure.

The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false.

The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T13:15:12Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false.  \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n        NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: \"DMA32\"\n          SIZE: 20480  MIN/LOW/HIGH: 11/28/45\n          VM_STAT:\n                NR_FREE_PAGES: 359\n        NR_ZONE_INACTIVE_ANON: 18813\n          NR_ZONE_ACTIVE_ANON: 0\n        NR_ZONE_INACTIVE_FILE: 50\n          NR_ZONE_ACTIVE_FILE: 0\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\n        NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: \"Normal\"\n          SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264\n          VM_STAT:\n                NR_FREE_PAGES: 146\n        NR_ZONE_INACTIVE_ANON: 94668\n          NR_ZONE_ACTIVE_ANON: 3\n        NR_ZONE_INACTIVE_FILE: 735\n          NR_ZONE_ACTIVE_FILE: 78\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero.  \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n        crash\u003e p nr_swap_pages\n        nr_swap_pages = $1937 = {\n          counter = 0\n        }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat-\u003ekswapd_failures hasn\u0027t been incremented.\n\n        crash\u003e px ((struct pglist_data *) 0xffff00817fffe540)-\u003ekswapd_failures\n        $1935 = 0x0\n\nThis is because the node deemed balanced.  The node balancing logic in\nbalance_pgdat() evaluates all zones collectively.  If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced.  This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages).  This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable.  By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL.  This issue arises from\nzone_reclaimable_pages\n---truncated---",
  "id": "GHSA-qvj7-29h2-6r54",
  "modified": "2025-11-03T21:32:11Z",
  "published": "2025-01-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57884"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QVJG-2VFM-53C7

Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 00:38
VLAI
Details

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T23:16:44Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular issuer relationships, can cause an infinite loop during certificate verification. The unbounded traversal consumes excessive CPU resources, leading to a denial of service for the affected process or worker.",
  "id": "GHSA-qvjg-2vfm-53c7",
  "modified": "2026-05-29T00:38:34Z",
  "published": "2026-05-29T00:38:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10028"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-10028"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465152"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QW99-33WH-XP55

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-30T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.",
  "id": "GHSA-qw99-33wh-xp55",
  "modified": "2025-04-20T03:46:06Z",
  "published": "2022-05-13T01:43:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14933"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-17"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22210"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=33e0a9a056bd23e923b929a4f2ab049ade0b1c32"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101203"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX86-33WW-3474

Vulnerability from github – Published: 2023-11-01 12:30 – Updated: 2023-11-01 12:30
VLAI
Details

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-01T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nImproper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted \"tmp_url\".\n\n\n\n\n\n",
  "id": "GHSA-qx86-33ww-3474",
  "modified": "2023-11-01T12:30:19Z",
  "published": "2023-11-01T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1718"
    },
    {
      "type": "WEB",
      "url": "https://starlabs.sg/advisories/23/23-1718"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QXMF-M5MX-7VX7

Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-01-15 21:31
VLAI
Details

A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).

On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.

This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.

This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:

  • all versions before 21.2R3-S10, 
  • from 21.4 before 21.4R3-S12, 
  • from 22.4 before 22.4R3-S8, 
  • from 23.2 before 23.2R2-S5, 
  • from 23.4 before 23.4R2-S6, 
  • from 24.2 before 24.2R2-S3, 
  • from 24.4 before 24.4R2-S1, 
  • from 25.2 before 25.2R1-S1, 25.2R2.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21905"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T21:16:05Z",
    "severity": "HIGH"
  },
  "details": "A Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).\n\nOn SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.\n\nThis issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.\n\nThis issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:\n\n\n\n  *  all versions before 21.2R3-S10,\u00a0\n  *  from 21.4 before 21.4R3-S12,\u00a0\n  *  from 22.4 before 22.4R3-S8,\u00a0\n  *  from 23.2 before 23.2R2-S5,\u00a0\n  *  from 23.4 before 23.4R2-S6,\u00a0\n  *  from 24.2 before 24.2R2-S3,\u00a0\n  *  from 24.4 before 24.4R2-S1,\u00a0\n  *  from 25.2 before 25.2R1-S1, 25.2R2.",
  "id": "GHSA-qxmf-m5mx-7vx7",
  "modified": "2026-01-15T21:31:48Z",
  "published": "2026-01-15T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21905"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA106004"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA106004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.