CVE-2023-53332 genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()

In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irqdatagetaffinitymask If ipisendmask|single is called with an invalid interrupt number, all the local variables there will be NULL. ipisendverify which is invoked from these functions does...

CVE-2023-53332 genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()

In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irqdatagetaffinitymask If ipisendmask|single is called with an invalid interrupt number, all the local variables there will be NULL. ipisendverify which is invoked from these functions does...

CVE-2023-53332 genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()

In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irqdatagetaffinitymask If ipisendmask|single is called with an invalid interrupt number, all the local variables there will be NULL. ipisendverify which is invoked from these functions does...

CVE-2023-53332

CVE-2023-53332: In the Linux kernel, a missing NULL pointer check in ipi_send_verify() can allow NULL dereference in irq_data_get_affinity_mask() when ipi_send_{mask|single}() is called with an invalid interrupt number, causing a kernel oops. The fix adds the NULL pointer check in ipi_send_verify...

CVE-2023-53304

CVE-2023-53304 concerns the Linux kernel netfilter nft_set_rbtree code. The advisory describes three concrete issues resolved by patching: 1) a lazy garbage-collection on insert that may fail to release the other half of an interval, impacting interval timing expiration walks; 2) incorrect use of...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2134)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : x86/fpu: KVM: Set the base guest FPU uABI size to sizeofstruct kvmxsave.CVE-2022-49557 A cross-privilege Spectre v2 vulnerability allows attackers...

Linux Distros Unpatched Vulnerability : CVE-2025-10148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted...

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()

...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

DEBIAN-CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

AZL-67082 CVE-2025-10148 affecting package curl for versions less than 8.11.1-4

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

ALPINE-CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

AZL-67272 CVE-2025-10148 affecting package curl for versions less than 8.8.0-7

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

UBUNTU-CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

Generation of Predictable Numbers or Identifiers

Overview curl is a command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of...

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the websocket component due to using a fixed 32 bit mask that persisted and was used throughout the entire connection instead of updating it for each new outgoing frame as the...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148 predictable WebSocket mask

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148 predictable WebSocket mask

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...