9063 matches found
CVE-2025-40177 accel/qaic: Fix bootlog initialization ordering
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to...
CVE-2025-40177
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to...
CVE-2025-40177
In the Linux kernel, CVE-2025-40177 relates to accel/qaic bootlog handling. The vulnerability arises from race conditions between probe() and incoming data when queueing MHI buffers to receive the bootlog; some resources were initialized after queuing, risking page faults if accessed. The fix reo...
CVE-2025-40177 accel/qaic: Fix bootlog initialization ordering
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to...
CVE-2025-40147 blk-throttle: fix access race during throttle policy activation
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blkshouldthrotl when throttling is consulted before the throttle policy is fully enabled for the...
CVE-2025-40127 hwrng: ks-sa - fix division by zero in ks_sa_rng_init
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...
CVE-2025-40127 hwrng: ks-sa - fix division by zero in ks_sa_rng_init
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...
CVE-2025-40127
CVE-2025-40127 – Linux kernel (hwrng: ks-sa-rng) Root cause: division by zero in ks_sa_rng_init caused by using clk_get_rate() on an uninitialized clk pointer. Impact: division by zero during delay value calculations within the hardware RNG initialization path. Technical detail: A clock is not pr...
CVE-2025-40127
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...
CVE-2025-40119
CVE-2025-40119 affects the Linux kernel ext4 subsystem. The root cause is a potential null dereference in ext4_mb_init() where ext4_mb_avg_fragment_size_destroy() could be invoked with sbi->s_mb_avg_fragment_size uninitialized (e.g., groupinfo slab cache allocation failure), due to missing nul...
CVE-2025-40119
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4mbinit In ext4mbinit, ext4mbavgfragmentsizedestroy may be called when sbi-smbavgfragmentsize remains uninitialized e.g., if groupinfo slab cache allocation fails. Since...
CVE-2025-64407 Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...
kernel: pstore/ram: Check start of empty przs during init
An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...
kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails
A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...
Malicious code in ophiuchus-nconf-init-relay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a2cf8d25782cf0be02795f39624b8174d2128655c12d53b293cb8fef2012c45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
kernel: crypto: seqiv - Handle EBUSY correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
kernel: crypto: seqiv - Handle EBUSY correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
kernel: pstore/ram: Check start of empty przs during init
An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990855)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990855 advisory. In the Linux kernel, the following vulnerability has been resolved: um: line: always fill errorout in setuponeline The pointer isn't initialized by callers, but I ha...
Linux Distros Unpatched Vulnerability : CVE-2025-40147
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blkshouldthrotl when...