CVE-2025-37920

CVE-2025-37920 affects the Linux kernel in the AF_XDP path. The issue is a race condition in the generic RX path when multiple sockets share the same xsk_buff_pool (shared umem), with RX queues being socket-exclusive and FILL queues sharable. The fix moves the rx_lock from xsk_socket to the share...

CVE-2025-37920 xsk: Fix race condition in AF_XDP generic RX path

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AFXDP generic RX path Move rxlock from xsksocket to xskbuffpool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xskbuffpool. RX queue is exclusive to...

Lara: Lightweight Anonymous Authentication with Asynchronous Revocation Auditability

Anonymous authentication is a technique that allows to combine access control with privacy preservation. Typically, clients use different pseudonyms for each access, hindering providers from correlating their activities. To perform the revocation of pseudonyms in a privacy preserving manner is...

The vulnerability of the Cisco Application Policy Infrastructure Controller, related to synchronization errors when using shared resources, allows a perpetrator to trigger a service failure.

The vulnerability of the Cisco Application Policy Infrastructure Controller, a component of the information infrastructure management tool, is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to cause service failures...

The vulnerability of the Microsoft Azure File Sync data synchronization service, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Azure File Sync data synchronization service is related to lack of access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the MS-EVEN protocol implementation (EventLog Remoting Protocol) in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the MS-EVEN protocol EventLog Remoting Protocol for Windows operating systems is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the Universal Print Management Service for Windows operating systems allows a perpetrator to increase their privileges.

The vulnerability of the Universal Print Management Service in Windows operating systems is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Microsoft Virtual Machine Bus (VMBus) component in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Microsoft Virtual Machine Bus VMBus component in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

The vulnerability of embedded software developed by Qualcomm, related to synchronization errors when using common resources (“Race Situation”), allows a violator to trigger a service failure.

The vulnerability of embedded Qualcomm software programs is related to synchronization errors when using a common resource “Race Situation”. Exploiting this vulnerability can allow an attacker to cause a service failure...

kernel: Bluetooth: Fix memory leak in hci_req_sync_complete()

This CVE identifies a memory leak in the Linux kernel's Bluetooth subsystem, specifically within the hcireqsynccomplete function. The issue arises because the function fails to release the previous synchronization request state before assigning a new one, leading to increased memory usage over...

Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Universal Print Management Service allows an authorized attacker to elevate privileges locally...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in synchronization errors when using shared resources. This allows attackers to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow remote attackers to bypass...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in synchronization errors when using shared resources. This allows attackers to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow remote attackers to bypass...

CVE-2025-47735

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

SUSE CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2025-47545

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through = 5.7.7...

CVE-2025-37884

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcutaskstrace and eventmutex. Fix the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perftraceeventunreg synchronizercutaskstrace There are several paths where freeevent grabs...

AZL-62498 CVE-2025-37861 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

DEBIAN-CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...