7529 matches found
AZL-62678 CVE-2025-21892 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace [1]. During recovery, before transitioning the QP to...
DEBIAN-CVE-2025-21885
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers While using nvme target with use_srq on, below kernel panic is noticed. [ 549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91...
UBUNTU-CVE-2025-21892
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace [1]. During recovery, before transitioning the QP to...
UBUNTU-CVE-2025-21890
In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpf_rx_rsc() idpf_rx_rsc() uses skb_transport_offset(skb) while the transport header is not set yet. This triggers the following warning for CONFIG_DEBUG_NET=y builds. DEBUG_NET_WARN_ON_ONCE(!skb_transport_header_was_set(skb))...
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace [1]. During recovery, before transitioning the QP to...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from bnxt_re not handling SRQ page details correctly, which could lead to a divide-by-zero error...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fscache component using wait_on_bit() to wait for a volume to be released, but suffers from a wait queue...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an overflow in the block ublk component queue_size, resulting in a misreference to a pointer...
The vulnerability of the `reqsk_queue_unlink()` function in the `net/ipv4/inet_connection_sock.c` module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the reqsk_queue_unlink() function in the net/ipv4/inet_connection_sock.c module of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
Insecure Defaults
Overview fprime-gds is an F Prime Flight Software Ground Data System layer. Affected versions of this package are vulnerable to Insecure Defaults by repeated invocation of sendcommand, which can overflow the queue and consume excessive memory. Remediation There is no fixed version for fprime-gds...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to gcc, github.com/opencontainers/runc and github.com/containers/common (CVE-2024-45310, CVE-2020-11023, CVE-2024-9341)
Summary gcc, github.com/opencontainers/runc and github.com/containers/common used by IBM MQ Operator and Queue Manager container images are vulnerable by executing untrusted code using jQuery's DOM manipulation methods and bypassing security restrictions which might allow an attacker to access...
The vulnerability of the `bnxt_qplib_alloc_init_hwq()` function in the drivers/infiniband/hw/bnxt_re/qplib_res.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the bnxt_qplib_alloc_init_hwq() function in the drivers/infiniband/hw/bnxt_re/qplib_res.c module of the Linux kernel is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected informati...
The vulnerability of Zoom’s video conferencing software, related to buffer overflows, allows attackers to trigger a service failure.
The vulnerability of Zoom’s video conferencing software is related to overflowing buffers in the “queue”. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the /3/ImportFiles endpoint. An attacker can cause the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests by recursively...
GHSA-P2VC-M5FV-9W9M H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
Server-side Request Forgery (SSRF)
Overview fschat is an open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /queue/join? endpoint. An attacker can gain unauthorized access to internal networks o...
GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...
Deserialization of Untrusted Data
Overview vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MessageQueue.dequeue API function. An attacker can execute arbitrary code by sending a malicious payload to...
GHSA-5VQR-WPRC-CPP7 vLLM Deserialization of Untrusted Data vulnerability
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...
CVE-2024-7768
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...