Linux Distros Unpatched Vulnerability : CVE-2025-40166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990757 advisory. In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmetreqcomplete An nvme target -queueresponse operation...

Linux Distros Unpatched Vulnerability : CVE-2025-40146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-mq: fix potential deadlock while nrrequests grown Allocate and free schedtags while queue is freezed can deadlock1, this is a long term problem, hence...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990812)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990812 advisory. In the Linux kernel, the following vulnerability has been resolved: ice: xsk: disable txq irq before flushing hw iceqpdis intends to stop a given queue pair that is ...

Linux Distros Unpatched Vulnerability : CVE-2025-40140

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that...

kernel: block: fix uaf for flush rq while iterating tags

In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blkmqclearflushrqmapping is not called during scsi probe, by checking blkqueueinitdone. However, QUEUEFLAGINITDONE is cleared in delgendisk by commit aec89dc5d421 "block: keep...

kernel: virtio/vsock: Fix accept_queue memory leak

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...

kernel: ice: fix Tx scheduler error handling in XDP callback

In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx...

kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time

No description is available for this CVE...

kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0

In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifotailenqueue will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifotailenqueue...

kernel: RDMA/rxe: Fix the qp flush warnings in req

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. 920.617269 WARNING: CPU: 1 PID: 21 at...

kernel: afs: Fix lock recursion

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the mlx5ibderegmr flow, the following sequence of...

kernel: netfs: Fix ceph copy to cache on write-begin

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfsunlockreadfolio in which folios are marked appropriately for copying to the cache either with by being marked dirty and having their private data set or by having...

kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time

No description is available for this CVE...

kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0

In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifotailenqueue will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifotailenqueue...

Important: kernel-livepatch-6.1.150-174.273

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees...

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

PT-2025-45480

Name of the Vulnerable Software and Affected Versions SourceCodester PQMS version 1.0 Description A SQL injection issue exists in the Patient Queue Management System. The api patient schedule.php endpoint is affected because the appointmentID parameter does not receive proper sanitization,...