CVE-2023-53986 mips: bmips: BCM6358: disable RAC flush for TP1

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...

CLSA-2025-1766567499 Fix CVE(s): CVE-2020-1472

SECURITY UPDATE: elevation of privilege vulnerability - debian/patches/CVE-2020-1472.patch: fix vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC - CVE-2020-1472...

firmware: stratix10-svc: fix bug in saving controller data

...

PT-2025-53182

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the CAN Controller Area Network subsystem, specifically in the isotp bind function. A missing check allows bindings with address families other...

PT-2025-53024

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the Advanced Programmable Interrupt Controller APIC. The APIC supports legacy APIC xAPIC and Extended APIC x2APIC modes. A new feature allows...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninstall interrupt that may cause a null pointer dereference when the DPU controller is not used or was...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from premature initialization of the GPIO controller, which could lead to a race condition...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rtl8xxxu driver not properly handling C2H messages, which could lead to a memory leak...

PT-2025-53215

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/MSM subsystem where a null pointer dereference can occur during IRQ uninstallation. This happens when early initialization errors occur on platfor...

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...

PT-2025-52995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci conn component. Specifically, the hci connect sco and hci connect cis functions were returning NULL when a lin...

PT-2025-53135

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The mmc add host function may return an error. Ignoring this return value can lead to a memory leak because memory allocated in mmc alloc host is not freed. This can cause a kernel crash...

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...

UBUNTU-CVE-2025-68328

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platformsetdrvdata and devsetdrvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

CVE-2025-68334

The CVE-2025-68334 entry describes a Linux kernel issue in platform/x86/amd/pmc related to Van Gogh SoC support. The root cause is a missing handler for the Xbox Ally/Van Gogh-like suspend path, which prevents proper S3/S0ix transitions and leads to the AMD GPU driver crash during resume due to a...

CVE-2025-68334 platform/x86/amd/pmc: Add support for Van Gogh SoC

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally non-X SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 s2idle causes a crash, this support was dropped by the Xbox Ally...

CVE-2025-68328

CVE-2025-68328 relates to the Linux kernel Stratix10 SVC firmware: a bug in saving controller data caused by incorrect use of platform_set_drvdata and dev_set_drvdata, which can result in rmmod failing and a kernel panic during kthread_stop and fifo free. The issue has been addressed in the SUSE/...

kernel: can: j1939: implement NETDEV_UNREGISTER notification handler

A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEVUNREGISTER notification handler was missing for undoing changes performed by j1939skbind. As a result, an extra reference remains on the j1939priv structure when unregistering a network device, preventing it...

PT-2025-52688

Name of the Vulnerable Software and Affected Versions youlai-boot version 2.21.1 Description The software contains an authorization bypass due to incorrect access control. The importUsers function within the SysUserController.java component does not verify the permissions of the current user. Thi...

CVE-2025-66736

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...