Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an SMB server link operation resulting in a deadlock...

Amazon Linux 2 : samba, --advisory ALAS2-2025-2979 (ALAS-2025-2979)

The version of samba installed on the remote host is prior to 4.10.16-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2979 advisory. All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be...

smb: client: guarantee refcounted children from parent session

...

smb: client: fix potential UAF in smb2_is_valid_oplock_break()

...

smb: client: fix use-after-free in smb2_query_info_compound()

...

smb3: missing lock when picking channel

...

smb: client: fix potential UAF in cifs_stats_proc_write()

...

smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()

...

smb: client: fix potential UAF in smb2_is_valid_lease_break()

...

Exploit for CVE-2017-0144

Metasploit Framework Cheatsheet Introduction Metasploit i...

USN-7719-1 linux-raspi-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU...

MAL-2025-41406 Malicious code in server_msg (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c915f51661674b9cbfd2e897a3d15c0682ceb1ddd99b4b6b70e3d9eee48f1c3 Any computer that has this package installed or running should be considered...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

Linux Distros Unpatched Vulnerability : CVE-2022-22995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of...

USN-7701-3: Linux kernel (IoT) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth...

USN-7701-3 linux-iot vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth...

USN-7704-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...

CVE-2025-8448

CVE-2025-8448 involves Schneider Electric EcoStruxure Building Operation Enterprise Server and EcoStruxure Enterprise Server. The vulnerability (CWE-200) allows an attacker who can capture local SMB traffic on a BMS network to access sensitive credential data from a valid user, exposing confident...

CVE-2025-8448

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products...