CVE-2025-40303

CVE-2025-40303 is a Linux kernel btrfs issue resolved by ensuring no dirty metadata is written back when the filesystem is in an error state. The root cause was that, after an error is detected, some metadata modifications remained in the btrie inode page cache and could be written back during ip...

Infinera MTC-9 安全漏洞

Infinera MTC-9 is a modular controller from Infinera USA. A security vulnerability exists in Infinera MTC-9 version R22.1.1.0275 through versions prior to R23.0, which stems from a misconfiguration of the SSH service that could result in the execution of arbitrary commands and access to file syst...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise CVE-2025-40040...

PT-2025-49481

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the CIFS implementation related to the TCP Server Info::hostname component. Specifically, the hostname may be updated during reconnect attempts,...

PT-2025-49452

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Network File System Daemon NFSD component of the Linux kernel. Specifically, a crash can occur within the nfsd4 read release function when tracing is enabled,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the state of the read-only file system, which could lead to a null pointer dereference...

Ubuntu: Security Advisory (USN-7911-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-49453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System Daemon NFSD does not properly handle requests for new time deleg FATTR4 attributes introduced in newer NFS specifications. Specifically, NFSv4...

CVE-2025-40289

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.validsize We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service DoS condition. When a dentry in an exFAT filesystem is malformed, the following syst...

CVE-2025-40273

In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4freeolstateid Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4laundromat if the stateid hasn't been used in a lease period. However, in case...

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.validsize We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service DoS condition. When a dentry in an exFAT filesystem is malformed, the following syst...

CVE-2025-40273

The CVE-2025-40273 issue is in the Linux kernel NFSD state handling: when an OPEN creates a parent stateid, followed by COPY_NOTIFY and a client reboot, previous state expiry could leave a copynotify stateid attached to a freed parent. The patch fixes this by freeing the associated copynotify sta...

ocfs2: clear extent cache after moving/defragmenting extents

...

hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()

...

gfs2: Fix unlikely race in gdlm_put_lock

...

SUSE CVE-2025-40220

In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...

PT-2025-49374

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the NFS daemon NFSD related to the handling of copynotify stateids. Specifically, the issue arises when a client reboots after establishing an OPE...

CVE-2025-65878

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to th...

CVE-2025-40235

In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fsinfo in btrfscheckleakedroots If fsinfo-supercopy or fsinfo-superforcommit allocated failed in btrfsgettreesubvol, then no need to call btrfsfreefsinfo. Otherwise btrfscheckleakedroots...