CVE-2022-50447

The CVE pertains to the Linux kernel Bluetooth subsystem. A crash in the HCI path occurs when connecting multiple ISO sockets without DEFER_SETUP, caused by a NULL pointer dereference in hci_create_cis_sync, leading to a KASAN crash. The vulnerability is described in CVE-2022-50447 as fixed by th...

CVE-2022-50422 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However, if the timer handler sastaskinternaltimedout is running, the deltim...

CVE-2022-50422 scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However, if the timer handler sastaskinternaltimedout is running, the deltim...

CVE-2025-39896 accel/ivpu: Prevent recovery work from being queued during device removal

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

CVE-2025-39896

CVE-2025-39896 (Linux kernel, open-source) The vulnerability affects the ivpu driver in the kernel’s accel path. It arises from recovery work being queued during device removal, potentially allowing use-after-free if recovery code accesses freed resources. The fix replaces cancel_work_sync() with...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to use a synchronization mechanism when deleting timers in the smpexecutetasksg function, which...

[SECURITY] Fedora 42 Update: nextcloud-31.0.9-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Microsoft Windows inconsistent driver blocking

RISK EVALUATION Microsoft Windows Defender Application Control WDAC and the Microsoft vulnerable driver blocklist do not adequately block known-vulnerable drivers. These unexpected behaviors can confuse users about whether or not driver blocking is working and which drivers are being blocked. 2...

CVE-2025-56233

Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. For the processing of TCP packets with RST or SYN flag set, Openindiana has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be with...

CVE-2025-9894

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

CVE-2025-9894 Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

CVE-2025-9894 Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

Linux Distros Unpatched Vulnerability : CVE-2025-39845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernelmappings Define ARCHPAGETABLESYNCMASK and archsynckernelmappings to ensure page tables are properly...

CVE-2025-59577

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through = 3.6.20...

net: dsa: Avoid cross-chip syncing of VLAN filtering

...

SUSE CVE-2025-39874

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

UBUNTU-CVE-2025-39874

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

CVE-2025-39874 macsec: sync features on RTM_NEWLINK

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a macsec feature synchronization issue that could lead to device lockup...

CVE-2025-59577

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through = 3.6.20...