1286 matches found
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
Summary thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz portable version. I did not found any other target with the same behaviour but I did not go through all targets supported by Rust. Details It seems that, during mask computation, an LLVM...
GHSA-2GQC-6J2Q-83QP RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
Summary thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz portable version. I did not found any other target with the same behaviour but I did not go through all targets supported by Rust. Details It seems that, during mask computation, an LLVM...
CVE-2025-68780
A scheduling flaw was found in the Linux kernel's SCHEDDEADLINE implementation. The cpudlclear function can incorrectly set the freecpus bit for an offline CPU. This causes deadline tasks to be pushed to powered-down CPUs, where they cannot execute, resulting in task starvation for SCHEDDEADLINE...
SUSE CVE-2025-68780
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002230)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002230 advisory. fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount o...
Tenda M3 /goform/setInternetLanInfo File Heap Buffer Overflow Vulnerability
Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the file / goform / setInternetLanInfo function...
CVE-2025-68780
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
AZL-74495 CVE-2025-68780 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
CVE-2025-68780
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
UBUNTU-CVE-2025-68780
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
CVE-2025-68780
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
CVE-2025-68780
The CVE-2025-68780 entry concerns the Linux kernel scheduler (sched/deadline). A bug in the deadline runqueue cpudl_free_cpus mask could mark a CPU as online when its runqueue was offline, potentially leaving a deadline task to the powered‑down CPU after migration or unplugging from the default r...
CVE-2025-68780 sched/deadline: only set free_cpus for online runqueues
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
CVE-2025-68780 sched/deadline: only set free_cpus for online runqueues
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: The PHY address mask in MDIO bus initialization was corrected. Syzbot reported a shift-out-of-bounds exception during MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix PPMAGICMASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PPMAGICMASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is set too wide, so the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace handle the interrupt mask. The logic for setting the interrupt mask by default in uiohvgeneric driver has been removed. The interrupt mask value should be completely controlled by the user space. If th...
CVE-2023-25124
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25103
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25112
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...