CVE-2022-50008 kprobes: don't call disarm_kprobe() for disabled kprobes

In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, and it could try to disarm an already disarmed kprobe and fire the WARNONCE below. 0 We can easily reproduce this issue. 1. Write 0 t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unset timeout flag, which could lead to an infinite loop...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pagepool: Avoid infinite loops when scheduling delayed workers. We noticed that the kworker in pagepoolreleaseretry was waking up repeatedly and infinitely in production. This issue was caused by a buggy driver, which resulted in...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: “We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed the infinite loop in exfatreaddir. If the file system is corrupted in such a way that a cluster links itself to another cluster in the cluster chain, and there is an unused directory entry in the cluster, the variabl...

TencentOS Server 3: libxml2 (TSSA-2022:0018)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0018 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: python-zipp (TSSA-2024:1069)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1069 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

BIT-GITLAB-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

CVE-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...

CVE-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...

CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

CVE-2025-30145 GeoServer has an Infinite Loop Vulnerability in Jiffle process

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This...

BIT-MARIADB-MIN-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

DEBIAN-CVE-2025-38001

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

CVE-2025-38001 net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

CVE-2025-38001 net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

CVE-2025-38001

The CVE-2025-38001 issue is in the Linux kernel HFSC scheduler under net_sched. The vulnerability permits bypassing the patch in hfsc_enqueue (HFSC_RSC path) and allows inserting the same class twice into the eltree, which can lead to a UAF when HFSC is used with NETEM and may cause an infinite l...

[ASA-202506-2] curl: denial of service

Arch Linux Security Advisory ASA-202506-2 ========================================= Severity: Low Date : 2025-06-05 CVE-ID : CVE-2025-5399 Package : curl Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2895 Summary ======= The package curl before version 8.14.1-1 i...