CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

CVE-2026-45151

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005062)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005062 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Fix race between aiocancel and AIO request complete FFS based applications can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000805 advisory. Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecifie...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000867 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002276 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002075)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002075 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

📄 Elementor Website Builder SQL Injection

Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2. ============================================================================================================================================= | Title : Elementor...

DEBIAN-CVE-2025-40220

In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...

CVE-2025-11307

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989966)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989966 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit ocfs2: return real error code in...

Siemens SIMATIC Devices Improper Handling of Structural Elements (CVE-2024-35815)

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument may point at a struct kiocb that is not embedded inside struct aiokiocb. With the current code, depending on the compiler, the...

DEBIAN-CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

Linux Distros Unpatched Vulnerability : CVE-2023-53111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation...

SUSE CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

UBUNTU-CVE-2023-53111

In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...

CVE-2025-21643

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a biovec array. Currently, because of the async flag, this gets passed to netfsextractuseriter which throws a...