The vulnerability of the kfd_queue_acquire_buffers() function in the drivers/gpu/drm/amd/amdkfd/kfd_queue.c module of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the kfdqueueacquirebuffers function in the drivers/gpu/drm/amd/amdkfd/kfdqueue.c module of the Linux operating system is related to the pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

PT-2025-22241

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak issue in the Linux kernel has been identified. The problem occurs when registering a queue fails after a successful blk mq sysfs register call, but an error is encountere...

The vulnerability of the sctp_stream_outq_migrate() function in the net/sctp/stream.c module of the Linux operating system’s SCTP protocol implementation allows a attacker to cause a service failure.

The vulnerability of the sctpstreamoutqmigrate function in the net/sctp/stream.c module of the Linux operating system’s SCTP protocol implementation is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...

PT-2025-20355

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved by adding a NULL check in the ufshcd mcq compl pending transfer function and a NULL check for the hwq pointer returned by ufshcd mcq...

af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.

...

scsi: ufs: bsg: Set bsg_queue to NULL after removal

...

USB: gadget: f_midi: f_midi_complete to call queue_work

...

acct: perform last write from workqueue

...

PT-2025-18440

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version containing commit 8284066946e6 Description A null pointer dereference issue has been identified in the Linux kernel's ublk driver, specifically in the handling of recovery and reissue in ublk abort...

PT-2025-22193

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the htb qlen notify function, which always deactivates the HTB class and could trigger a warning if it is...

PT-2025-18777

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue concerned the codel controlled delay qdisc queueing discipline in the kernel. Specifically, the problem involved the qlen...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets that stems from a possible information leak when creating MQ channels...

SUSE CVE-2025-21973

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix kernel panic in the bnxtgetqueuestatsrx | tx When qstats-get operation is executed, callbacks of netdevstatsops are called. The bnxtgetqueuestatsrx | tx collect per-queue stats from swstats in the rings. But rx | t...

SUSE CVE-2025-21974

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxtqueuememalloc The bnxtqueuememalloc is called to allocate new queue memory when a queue is restarted. It internally accesses rx buffer descriptor corresponding to the index. The ...

CVE-2025-31723

A cross-site request forgery CSRF vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order...

SUSE CVE-2025-21925

In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices not supporting IFFTXSKBSHARING. In this case, e1000 driver calls ethskbpad, while the skb is shared. Simply replace skbget by...

SUSE CVE-2025-21940

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrence when calling kfdqueueacquirebuffers. cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530...

Cross-site Request Forgery (CSRF)

Overview io.jenkins.plugins:simple-queue is a plugin that enables to change queue order by simple up & down arrow buttons. UI Queue Sorter. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the HTTP endpoints. An attacker can manipulate the build queue order ...

GHSA-HCFH-QJCP-34Q9 Jenkins Simple Queue Plugin Cross-Site Request Forgery (CSRF)

Jenkins Simple Queue Plugin 1.4.6 and earlier does not require POST requests for multiple HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to change and reset the build queue order. Simple Queue Plugin 1.4.7 requires POST requests...