CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

...

CVE-2025-54894 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

...

CVE-2025-54894

CVE-2025-54894 is described as Local Security Authority Subsystem Service Elevation of Privilege, but no concrete technical details (affected product/version/root cause) are provided in the connected documents; monitor for updates.

SUSE-SU-2025:03116-1 Security update for microcode_ctl

This update for microcodectl fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release bsc1248438 - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504 . CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentran...

Windows Graphics Component Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Win32K - GRFX allows an authorized attacker to execute code locally...

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

...

Microsoft Windows Local Security Authority Subsystem Service 输入验证错误漏洞

The Microsoft Windows Local Security Authority Subsystem Service is an internal program of Microsoft Corporation USA that runs Windows system security policies. It verifies user identity, manages user password changes, and generates access characters when a user logs on to a computer standalone o...

PT-2025-36883

Name of the Vulnerable Software and Affected Versions: Windows Win32K - GRFX affected versions not specified Description: The issue involves concurrent execution using a shared resource with improper synchronization, specifically a race condition within Windows Win32K - GRFX. This allows an...

PT-2025-36860

Name of the Vulnerable Software and Affected Versions: Local Security Authority Subsystem Service affected versions not specified Description: An elevation-of-privilege vulnerability allows attackers to affect the system. Recommendations: At the moment, there is no information about a newer versi...

PT-2025-36832

Name of the Vulnerable Software and Affected Versions: Windows Local Security Authority Subsystem Service LSASS affected versions not specified Description: Improper input validation in the Windows Local Security Authority Subsystem Service LSASS can allow an authorized attacker to cause a denial...

PT-2025-44098

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the pinctrl subsystem where the return value of the pinmux ops::get function name function is not adequately checked. The pinmux generic get function...

Unbreakable Enterprise kernel security update

5.15.0-312.187.5 - Revert 'mm: hugetlb: independent PMD page table shared count' Harshit Mogalapalli Orabug: 38327655 5.15.0-312.187.4 - rds: Fix NULL ptr deref in xasstart Hakon Bugge Orabug: 38166374 - KVM: x86: use arrayindexnospec with indices that come from guest Thijs Raymakers Orabug:...

AZL-67007 CVE-2025-39673 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in pppfillforwardpath pppfillforwardpath has two race conditions: 1. The ppp-channels list can change between listempty and listfirstentry, as ppplock is not held. If the only channel is deleted in...

UBUNTU-CVE-2025-39712

In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fix deadlock in getframeinterval/setframeinterval Getting / Setting the frame interval using the V4L2 subdev pad ops getframeinterval/setframeinterval causes a deadlock, as the subdev state is locked in the 1 but...

CVE-2025-39712 media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fix deadlock in getframeinterval/setframeinterval Getting / Setting the frame interval using the V4L2 subdev pad ops getframeinterval/setframeinterval causes a deadlock, as the subdev state is locked in the 1 but...

CVE-2025-39691

CVE-2025-39691 (Linux kernel) is a use-after-free in fs/buffer when bh_read() is used during ntfs3 mount, where a stack variable map_bh passed to ntfs_get_block_vbo() may be freed before end_buffer_read_sync(), risking stack overrun on put_bh. The issue is triggered in the I/O path for buffer hea...

CVE-2025-39686 comedi: Make insn_rw_emulate_bits() do insn->n samples

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

CVE-2025-39676 scsi: qla4xxx: Prevent a potential error pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxxgetepfwdb function is supposed to return NULL on error, but qla4xxxepconnect returns error pointers. Propagating the error pointers will lead to an Oops in t...

CVE-2025-38734 net/smc: fix UAF on smcsk after smc_listen_out()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smclistenout BPF CI testing report a UAF issue: 16.446633 BUG: kernel NULL pointer dereference, address: 000000000000003 0 16.447134 PF: supervisor read access in kernel mod e 16.447516 PF:...