PT-2026-26127

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the F2FS filesystem related to an inconsistency in the IS CHECKPOINTED flag. This occurs due to concurrent atomic commit and checkpoint writes...

CVE-2025-67729

LMDeploy prior to v0.11.1 is affected by an insecure deserialization vulnerability in torch.load() called without weights_only=True when loading model checkpoint files (.bin/.pt). This can allow an attacker to execute arbitrary code on the victim's machine. The issue is patched in v0.11.1. Affect...

CVE-2025-67729 lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute...

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Summary An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weightsonly=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...

lmdeploy 代码问题漏洞

lmdeploy is an InternLM open source toolkit for compressing, deploying and servicing LLM. A code issue vulnerability exists in versions of lmdeploy prior to 0.11.1 that stems from loading model checkpoint files without using the weightsonly parameter, which could lead to an attacker executing...

SUSE CVE-2023-54151

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...

CVE-2025-13706

Tencent PatrickStar mergecheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required to exploit this vulnerability in that the...

CVE-2025-13708

Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit th...

CVE-2025-14927

A flaw was found in the Hugging Face Transformers library. The convertconfig function fails to validate a user-supplied string before using it to execute Python code. An attacker can exploit this flaw by providing a malicious SEW-D model checkpoint, causing arbitrary code execution in the context...

CVE-2025-14924

A flaw was found in the Hugging Face Transformers library. The parsing of checkpoints fails to validate user-supplied data, causing a deserialization of untrusted data. An attacker can exploit this issue by providing a malicious megatrongpt2 model, resulting in arbitrary code execution in the...

CVE-2025-14922

A flaw was found in Hugging Face Diffusers. This vulnerability allows remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, where a target must visit a malicious page or open a malicious file. The issue stems from improper validation of...

EUVD-2023-60294

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...

CVE-2023-54151

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...

CVE-2023-54151

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...

CVE-2023-54151

The CVE-2023-54151 entries describe a Linux kernel vulnerability in f2fs where a system crash could occur during foreground garbage collection in LFS mode if free space is exhausted during data migration/checkpoint. The issue arises when the number of dirty node/dentry pages exceeds available spa...

CVE-2023-54151 f2fs: Fix system crash due to lack of free space in LFS

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data...

CVE-2023-54124

CVE-2023-54124 relates to the Linux kernel f2fs subsystem. The issue occurs during unmount when cp_error is set: f2fs_wait_on_all_pages() may stop waiting for all F2FS_WB_CP_DATA pages to be writebacked, leaving fsync_node_num non-zero and triggering a kernel BUG in fs/f2fs/super.c:1627. The docu...

EUVD-2025-204969

Tencent TFace restorecheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target mus...

EUVD-2025-204972

Tencent NeuralNLP-NeuralClassifier loadcheckpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent NeuralNLP-NeuralClassifier. User interaction is required to exploit th...

PT-2025-53228

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the f2fs filesystem. When f2fs attempts to checkpoint during foreground garbage collection gc in Log-structured filesystem LFS mode, a system cras...