Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2025-1444)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2025-1473)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerability in commons-compress affects IBM Integrated Analytics System (Sailfish) [CVE-2024-25710, CVE-2024-26308]

Summary The commons-compress package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2024-25710, CVE-2024-26308. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop'...

commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

A loop with an unreachable exit condition Infinite Loop vulnerability was found in Apache Common Compress. This issue can lead to a denial of service...

Unspecified Vulnerability in RT-Labs P-Net

RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which stems from an unchecked loop condition that can be...

Alibaba Cloud Linux 3 : 0019: libarchive (ALINUX3-SA-2022:0019)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0019 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-1000019: libarchive version commi...

Alibaba Cloud Linux 3 : 0263: perl-Convert-ASN1 (ALINUX3-SA-2024:0263)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0263 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2013-7488: perl-Convert-ASN1 aka the...

Alibaba Cloud Linux 3 : 0083: unbound (ALINUX3-SA-2021:0083)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12662: Unbound before 1.10.1 has...

Alibaba Cloud Linux 3 : 0205: container-tools:rhel8 (ALINUX3-SA-2024:0205)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0205 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-24783: Verifying a certificate...

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

kernel: exfat: fix the infinite loop in exfat_readdir()

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfatreaddir If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented,...

kernel: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. 0 ffff80002cb6f8d0 switchto...

kernel: ext4: fix infinite loop when replaying fast_commit

In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fastcommit When doing fastcommit replay an infinite loop may occur due to an uninitialized extentstatus struct. ext4extdetermineinserthole does not detect the replay and calls...

kernel: block: fix integer overflow in BLKSECDISCARD

In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blkioctldiscard but for secure erase. Same problem: uint64t r2 = 512,...

kernel: wifi: iwlwifi: mvm: fix 6 GHz scan construction

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8,...

kernel: filemap: Fix bounds checking in filemap_read()

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemapread If the caller supplies an iocb-kipos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemapread enters an...

CVE-2025-37859

In the Linux kernel, the following vulnerability has been resolved: pagepool: avoid infinite loop to schedule delayed worker We noticed the kworker in pagepoolreleaseretry was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning...

CVE-2025-32399

An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet...

CVE-2025-37859 page_pool: avoid infinite loop to schedule delayed worker

In the Linux kernel, the following vulnerability has been resolved: pagepool: avoid infinite loop to schedule delayed worker We noticed the kworker in pagepoolreleaseretry was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning...

CVE-2025-37859 page_pool: avoid infinite loop to schedule delayed worker

In the Linux kernel, the following vulnerability has been resolved: pagepool: avoid infinite loop to schedule delayed worker We noticed the kworker in pagepoolreleaseretry was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning...