CVE-2025-38392

In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2CAPMACFILTER enabled, the following warning is generated on module load: 324.701677 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578...

CVE-2025-38392

CVE-2025-38392 (Linux kernel) describes a concurrency issue in the idpf driver where a control queue mutex (cq_lock) is held across operations that may sleep, triggering warnings during module load when VIRTCHNL2_CAP_MACFILTER is ON. The fix converts cq_lock from a mutex to a spinlock to avoid sl...

CVE-2025-38379

CVE-2025-38379 affects the Linux kernel SMB/CIFS client during channel reconnect in smb2_reconnect_server(). A dummy tcon passed to smb2_reconnect() had an uninitialized ->query_interface, causing queue_delayed_work() to be invoked on an incorrect tcon and triggering a kernel warning (seen in ...

CVE-2025-38379 smb: client: fix warning when reconnecting channel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

CVE-2025-38379 smb: client: fix warning when reconnecting channel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking IDXD work queue availability...

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

CVE-2025-33013

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release...

IBM多款产品 信任管理问题漏洞

IBM MQ and others are products of International Business Machines IBM.IBM MQ is a messaging middleware product.IBM MQ Operator is a tool for managing the lifecycle of IBM MQ Queue Manager.IBM MQ Container CD is a containerized deployment solution for IBM MQ. A trust management issue vulnerability...

The vulnerability of the updateWifiInfo() function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system allows a intruder to execute arbitrary code.

The vulnerability of the updateWifiInfo function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

The vulnerability of the Work Provider Administration component of the application for accessing, organizing, and interacting with various types of work in the Oracle Universal Work Queue system—a business automation solution from Oracle E-Business Suite—allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Work Provider Administration component of the application for accessing, organizing, and interacting with various types of work in the Oracle Universal Work Queue system, a business automation solution from Oracle E-Business Suite, is related to deficiencies in access...

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2025-24084)

Oracle E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Universal Work Queue for Oracle...

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2025-24085)

Oracle E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Universal Work Queue of Oracle...

TOTOLINK T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK, which supports MQTT protocol and Telnet service, and is mainly used for home and small business networking. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the failure of parameter s in the MQTT...

SUSE CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

AZL-72593 CVE-2025-38350 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

DEBIAN-CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

CVE-2025-38350 net/sched: Always pass notifications when child class becomes empty

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

OESA-2025-1874 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifotailenqueue will drop a packet in scheduler's...