CVE-2025-43446

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to modify protected parts of the file system...

PT-2025-45062

Name of the Vulnerable Software and Affected Versions Cursor versions 1.7.44 and below Description Cursor, a code editor for programming with AI, has an issue where NTFS path quirks can be exploited by an attacker to bypass file protections and overwrite files that normally require user...

PT-2025-45373

Name of the Vulnerable Software and Affected Versions runc versions 1.0.0-rc3 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.2 runc versions 1.4.0-rc.1 through 1.4.0-rc.2 Description Insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside a container allow an attacker to tri...

PT-2025-44880

Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 Description An application may be able to modify protected parts of the file system due to insufficient validation of symlinks. The issue was addressed with improved...

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue where foreground garbage collection might be triggered during f2fsmapblocks in lfs mode. The issue occurs when the “mode=lfs” mount option is used; this can cause a system panic. ------------ Cut here...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self-recovery. When a node withdraws from the system and it turns out that it is the only node with the filesystem mounted, gfs2 currently attempts to replay the local journal to restore the filesystem to a consiste...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Fixing client-side handling of TLS alerts A security exploit was discovered in NFS over TLS in tlsalertrecv. This issue arose due to the assumption that there was valid data within the iterator’s kvec field of the msghdr...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwork to prevent NULL dereference In nfs4statestartnet, laundromatwork may access nfsd4sscexpireumount through nfs4laundromat. If nfsd4ssc is not initialized, this can lead to a NULL pointer...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed the filehandle bounds checking in nfsfhtodentry. The function needs to check the minimum filehandle length before it can access the embedded filehandle...

USN-7835-4 linux-hwe-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-4: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

OESA-2025-2555 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than...

cifs: parse_dfs_referrals: prevent oob on malformed input

...

vfs: Don't leak disconnected dentries on umount

...

btrfs: do not assert we found block group item when creating free space tree

...

NFSD: Define a proc_layoutcommit for the FlexFiles layout type

...

SUSE CVE-2025-40087

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

CVE-2025-54547

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions e.g, scp, sftp multiplexed onto the same channel could perform file-system operations after a configured session timeout expired...