CVE-2024-38327 IBM Analytics Content Hub information disclosure

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...

CVE-2024-38327

CVE-2024-38327 affects IBM Analytics Content Hub (versions 2.0–2.3). Affected component is the exposed JavaScript source map, which can enable information disclosure and potentially aid attacks by reading/debugging the API’s JavaScript. The reported impact is information exposure with potential f...

AZL-64889 CVE-2025-38333 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in getnewsegment ------------ cut here ------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 newcurseg+0x5e8/0x6dc pc : newcurseg+0x5e8/0x6dc Call trace: newcurseg+0x5e8/0x6dc...

UBUNTU-CVE-2025-38341

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnicmbxmapmsg retains the ownership of the message on error. All existing callers dutifully free the page...

CVE-2025-38341 eth: fbnic: avoid double free when failing to DMA-map FW msg

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnicmbxmapmsg retains the ownership of the message on error. All existing callers dutifully free the page...

CVE-2025-38341 eth: fbnic: avoid double free when failing to DMA-map FW msg

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnicmbxmapmsg retains the ownership of the message on error. All existing callers dutifully free the page...

PT-2025-29055

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the get new segment function in the f2fs filesystem. The function may detect an inconsistent status between free segment map and free section ma...

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security...

kernel: xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

CVE-2025-38247 userns and mnt_idmap leak in open_tree_attr(2)

In the Linux kernel, the following vulnerability has been resolved: userns and mntidmap leak in opentreeattr2 Once wantmountsetattr has returned a positive, it does require finishmountkattr to release -mntuserns. Failing domountsetattr does not change that. As the result, we can end up leaking...

CVE-2025-38247

CVE-2025-38247 concerns the Linux kernel: a leak of user namespaces and possibly mnt_idmap in open_tree_attr(2) due to not releasing ->mnt_userns after a positive result from want_mount_setattr(). The root cause is that finish_mount_kattr() must release the namespace, and if do_mount_setattr()...

PT-2025-29095 · Ibm · Ibm Analytics Content Hub

Name of the Vulnerable Software and Affected Versions: IBM Analytics Content Hub versions 2.0 through 2.3 Description: IBM Analytics Content Hub is susceptible to information disclosure and potential further attacks due to an exposed JavaScript source map. This exposure could allow an attacker to...

kernel: xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

kernel: bpf: fix OOB devmap writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as...

kernel: xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

The vulnerability in the bloom_filter.c and bloom_filter_map.c components of the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability in the bloomfilter.c and bloomfiltermap.c components of the Linux operating system is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause a service failure...

DEBIAN-CVE-2025-53603

In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body...

SUSE CVE-2025-38202

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

AZL-64698 CVE-2025-38202 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...

DEBIAN-CVE-2025-38202

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld in bpfmaplookuppercpuelem bpfmaplookuppercpuelem helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpfmaplookuppercpuelem will not be inlined. Using...