CVE-2025-40330 bnxt_en: Shutdown FW DMA in bnxt_shutdown()

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...

CVE-2025-40330 bnxt_en: Shutdown FW DMA in bnxt_shutdown()

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...

EUVD-2022-55709

In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...

CVE-2022-50647

In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...

DEBIAN-CVE-2022-50647

In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...

PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient guidance for label reuse after a completion timeout, which could result in multiple...

PT-2025-50219

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...

PT-2025-49783

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where Firmware FW DMA may continue during shutdown, even after packet DMA has been stopped. This occurs because the netif close call within the bnxt...

PT-2025-50217

Name of the Vulnerable Software and Affected Versions PCI Express PCIe Integrity and Data Encryption IDE specification affected versions not specified Description The PCI Express PCIe Integrity and Data Encryption IDE specification contains insufficient guidance regarding Transaction Layer Packet...

PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient re-keying and stream refresh guidance during device rebinding, which could result in...

PT-2025-49627

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc2-00283-g10d4879f9ef0-dirty Description The Linux kernel had an issue where port I/O string accessors, such as insb and outsb, did not function correctly. These accessors used the physical PCI port I/O...

PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient guidance on packet ordering and label uniqueness at the transaction layer, which cou...

Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification

Overview PCI Express Integrity and Data Encryption PCIe IDE, introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were identified in the IDE specification that could allow an attacker with local...

Intel® Xeon® 6 Processors with P-cores with Intel® TDX Connect Advisory

Summary: Potential security vulnerabilities for the Intel® Xeon® 6 Processors with P-cores with Intel® Trust Domain Extensions Connect Intel® TDX Connect may allow information disclosure or escalation of privilege. Intel is releasing guidance to address these potential vulnerabilities...

EUVD-2025-201549

Malicious code in express-my-error-handler npm...

Malicious code in express-my-error-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f2d01a1484943569d365369896d46ee7229516152d056b0403048a740e7bcc The package express-my-error-handler was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192350 Malicious code in express-my-error-handler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f2d01a1484943569d365369896d46ee7229516152d056b0403048a740e7bcc The package express-my-error-handler was found to contain malicious code. Source: ghsa-malware...

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

CVE-2025-40219

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" tried to fix a race between the VF removal inside sriovdelvfs and concurrent...

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...