CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

SUSE SLES12 Security Update : curl (SUSE-SU-2025:03173-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03173-1 advisory. - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. -...

Curl 8.11.0 < 8.16.0 Predictable WebSocket Mask (CVE-2025-10148)

The version of Curl installed on the remote host is 8.11.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10148 advisory. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it...

CVE-2025-39742

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in findhwthreadmask The function divides number of online CPUs by numcoresiblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error...

DEBIAN-CVE-2025-39742

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in findhwthreadmask The function divides number of online CPUs by numcoresiblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error...

UBUNTU-CVE-2025-39742

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in findhwthreadmask The function divides number of online CPUs by numcoresiblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error...

UBUNTU-CVE-2025-39784

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pciefailedlinkretrain fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out...

CVE-2025-39784 PCI: Fix link speed calculation on retrain failure

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pciefailedlinkretrain fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out...

CVE-2025-39784

CVE-2025-39784 is a Linux kernel PCIe issue resolved by masking non-speed bits in PCIE_LNKCTL2_TLS2SPEED() (and PCIE_LNKCAP_SLS2SPEED()) when retraining a PCIe link. The bug caused incorrect speed values to be interpreted from the Link Control 2 register, producing PCI_SPEED_UNKNOWN (0xff) and tr...

CVE-2025-39742

CVE-2025-39742 - RDMA: hfi1 divide-by-zero in find_hw_thread_mask() (Linux kernel) Affects: Linux kernel RDMA hfi1 path; vulnerability arises from dividing the number of online CPUs by num_core_siblings, followed by a zero-division check. Root cause: division performed before validating the divis...

CVE-2025-39742 RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in findhwthreadmask The function divides number of online CPUs by numcoresiblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error...

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348. Patch...

SUSE-SU-2025:03173-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server bsc1249348...

predictable WebSocket mask

...

PT-2025-37241

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to PCI link speed calculation during retrain failures. Specifically, when pcie failed link retrain fails to retrain a link, it attempts to...

CURL-CVE-2025-10148 predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()

...

SUSE CVE-2025-39732

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11kmacopsetbitratemask ath11kmacdisablepeerfixedrate is passed as the iterator to ieee80211iteratestationsatomic. Note in this case the iterator is required to be atomic, however...