Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste...

Linux kernel 安全漏洞

Linux kernel is a product of the United States, etc. are products of the United States Linux Foundation. Linux kernel is the kernel used by the open source operating system Linux. nate long p4, etc. are products of the Nate Long Individual Developers. p4 is a small library of utilities for workin...

Linux Distros Unpatched Vulnerability : CVE-2025-40154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver only shows an error...

Linux Distros Unpatched Vulnerability : CVE-2025-40123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990781)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990781 advisory. In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of putdevice in mISDNregisterdevice We should not release reference by putdevic...

PT-2025-46589

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s remoteproc subsystem, specifically within the Qualcomm qcom pas component related to the shutdown of the lite ADSP DTB on X1E. The issue arises becaus...

CVE-2025-62220

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network...

CVE-2025-62220

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network...

CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability

...

CVE-2025-62220

CVE-2025-62220 describes a heap-based buffer overflow in the Windows Subsystem for Linux GUI (WSL GUI), leading to remote code execution over the network. Connected sources identify this as affecting WSL2, with disclosures noting that versions prior to 2.6.2 are vulnerable (the Nessus plugin cite...

CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability

...

EUVD-2025-93423

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network...

kernel: inotify: Avoid reporting event with invalid wd

A race condition was found in the Linux kernel's inotify subsystem. When inotifyfreeingmark races with inotifyhandleinodeevent, the event handler may read imark-wd after it has been reset to -1. This causes an invalid watch descriptor value of -1 to be reported to userspace applications,...

kernel: blk-cgroup: Fix class @block_class's subsystem refcount leakage

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @blockclass's subsystem refcount leakage blkcgfillrootiostats iterates over @blockclass's devices by classdeviterinit|next, but does not end iterating with classdeviterexit, so causes the class's subsystem...

kernel: nvmet: fix out-of-bounds access in nvmet_enable_port

An out-of-bounds access vulnerability was found in the Linux kernel's nvme subsystem in the nvmetenableport function. The vulnerability can occur when a port is enabled without a transport type configured, causing the function to use the NVMFTRTYPEMAX value 255 as an array index into the...

kernel: padata: fix UAF in padata_reorder

A use-after-free vulnerability was found in the Linux kernel's padata subsystem, in the padatareorder function. Caused by improper synchronization controls, this vulnerability can occur when a reference-counted data structure pd is decremented in one thread, freeing it, while another thread still...

kernel: block: fix uaf for flush rq while iterating tags

In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blkmqclearflushrqmapping is not called during scsi probe, by checking blkqueueinitdone. However, QUEUEFLAGINITDONE is cleared in delgendisk by commit aec89dc5d421 "block: keep...

kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...

kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sofipcmsgdata The nullity of sps-cstream should be checked similarly as it is done in sofsetstreamdataoffset function. Assuming that it is not NULL if sps-stream is NULL is...

kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL...