563 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an unset error code in the mchpeicdomainalloc function in the mchp-eic interrupt controller driver, whi...
PT-2026-1254
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s irqchip/mchp-eic component where an out-of-bounds access can occur in the mchp eic domain alloc function. Specifically, if the irq domain translate...
AZL-72983 CVE-2025-68338 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...
UBUNTU-CVE-2025-68338
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...
CVE-2025-68338
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...
CVE-2025-68338
In the Linux kernel, CVE-2025-68338 concerns the dsa: microchip path where, if setup fails, ksz_irq_free() may be called on an uninitialized ksz_irq, risking freeing uninitialized IRQ numbers and/or domains. The fix implemented is to iterate only over fully initialized ports in the error path usi...
CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...
CVE-2025-68338
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...
Linux Distros Unpatched Vulnerability : CVE-2025-68338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when...
PT-2025-52754
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to DSA Distributed Switch Architecture and Microchip network devices. Specifically, the ksz irq free function may be called on an uninitialized...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989161)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989161 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Added the condition for scheduling kszmibreadwork When the ksz module is...
CVE-2025-47900
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47902
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47901
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47900
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47901
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47900
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5...
EUVD-2025-35090
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47902 SQL Injection in web resource
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...
CVE-2025-47902
CVE-2025-47902 affects Microchip Time Provider 4100 (before 2.5). Root cause is improper neutralization of special elements in SQL commands, enabling SQL injection. The CVSS vectors indicate high impact: CVSS 3.1 (NETWORK attack, high confidentiality, integrity, availability impact) and CVSS 4.0 ...