SUSE CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070051 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns bsc1248673...

Security Bulletin: IBM MQ Appliance is affected by open source vulnerabilities (CVE-2025-8058 and CVE-2025-7425)

Summary IBM MQ Appliance has addressed open source vulnerabilities. Vulnerability Details CVEID:CVE-2025-8058 DESCRIPTION: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc...

EUVD-2022-54586

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

AZL-72841 CVE-2025-12105 affecting package libsoup for versions less than 3.4.4-11

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

DEBIAN-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

UBUNTU-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

CVE-2025-12105 affects libsoup3 and is caused by a heap use-after-free in the asynchronous message queue handling during HTTP/2 read completion. When network operations are aborted at specific timing, a message queue item may be freed twice, enabling a remote attacker to trigger a denial-of-servi...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

SUSE-SU-2025:3748-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002330 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

libsoup 资源管理错误漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A resource management error vulnerability exists in libsoup that stems from a lack of state synchronization in asynchronous message queue processing, which could lead to post-release reuse and denial of service attacks...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that originates in the cohort search web service feature, where a context user wit...

PT-2025-43435

Name of the Vulnerable Software and Affected Versions libsoup versions prior to 3.6.5-1ubuntu0.3 Description The libsoup library contains a flaw in its asynchronous message queue handling, specifically when managing HTTP/2 communications. When network operations are aborted at certain times, an...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-7835-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7835-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

SUSE CVE-2023-53693

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in rawgadget driver Currently, increasing rawdev-count happens before invoke the rawqueueevent, if the rawqueueevent return error, invoke rawrelease will not trigger the devfree to be called...

EUVD-2022-54640

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

EUVD-2022-54677

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling deltim...