CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

UBUNTU-CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...

CVE-2025-40235 btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots()

In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fsinfo in btrfscheckleakedroots If fsinfo-supercopy or fsinfo-superforcommit allocated failed in btrfsgettreesubvol, then no need to call btrfsfreefsinfo. Otherwise btrfscheckleakedroots...

CVE-2025-40234 platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...

CVE-2025-40226

CVE-2025-40226: In the Linux kernel, the SCMI firmware debug subsystem may fail to initialize, leaving the debug root missing and the descriptor NULL. The fix adds fault handling in SCMI debug helpers that maintain metrics counters to cope with a NULL descriptor when initialization fails.

EUVD-2025-201233

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unhandled debugging initialization failure that could lead to a null pointer dereference...

Fedora 43 : unbound (2025-90281e4554)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90281e4554 advisory. Update to 1.24.2 rhbz2417261 - Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/unbound-1-24-2 ---- Do not always initialize...

CLSA-2025-1764696522 libssh: Fix of 2 CVEs

CVE-2025-5372: fix inconsistent return value interpretation in sshkdf function to prevent uninitialized key buffers leading to SSH session compromise - CVE-2025-5987: fix missing error detection in ChaCha20 initialization that could leave cipher context partially uninitialized...

Insecure Default Initialization of Resource

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the StreamableHTTPServerTransport or SSEServerTransport process when enableDnsRebindingProtection is not...

CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

SUSE-SU-2025:4301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

ROS-20251128-07

Vulnerability of the vhostnewmsg function in the drivers/vhost/vhost.c module of the vhost driver of the Linux kernel is related to incorrect initialization of memory for messages transferred between guests. Linux kernel is related to incorrect memory initialization for messages transferred betwe...

SUSE-SU-2025:4272-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132...

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...