3907 matches found
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-47764 DESCRIPTION: jshttp cooki...
Vulnerability in the dev_pm_skip_resume() function of the drivers/base/power/main.c module, a driver for kernel-based PCI devices in the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the dev_pm_skip_resume() function of the drivers/base/power/main.c module: the Linux kernel's bus device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability could allow an attacker to cause a denial of service...
Vulnerability in the dpll_nl_pin_get_dumpit() function of the drivers/dpll/dpll_netlink.c module, a DPLL driver for the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the dpll_nl_pin_get_dumpit() function of the drivers/dpll/dpll_netlink.c module: DPLL driver support in the Linux kernel is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the aoeblk_gdalloc() function of the drivers/block/aoe/aoeblk.c module, a driver that provides block device support in the Linux kernel, that allows an attacker to cause a denial of service.
Vulnerability in the aoeblk_gdalloc() function of the drivers/block/aoe/aoeblk.c module: the Linux kernel's block device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the sk_setsockopt() function of the net/core/sock.c module, which supports kernel network functions in the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the sk_setsockopt() function of the net/core/sock.c module: the Linux kernel's network function support is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the ufshcd_exec_dev_cmd() function of the drivers/scsi/ufs/ufshcd.c module, a driver that provides SCSI device support in the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the ufshcd_exec_dev_cmd() function of the drivers/scsi/ufs/ufshcd.c module: the Linux kernel's SCSI device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the hisi_sas_internal_abort_timeout() function of the drivers/scsi/hisi_sas/hisi_sas_main.c module, a driver for SCSI devices in the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the hisi_sas_internal_abort_timeout() function of the drivers/scsi/hisi_sas/hisi_sas_main.c module: the Linux SCSI device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the kvm_hyp_reserve() function of the arch/arm64/kvm/pkvm.c module, part of the virtualization subsystem of the 64-bit ARM Linux kernel, that allows an attacker to cause a denial of service.
Vulnerability in the kvm_hyp_reserve() function of the arch/arm64/kvm/pkvm.c module, part of the virtualization subsystem of the 64-bit ARM Linux kernel, related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause...
Vulnerability in the Local Security Authority (LSA) service of the Windows operating system that allows an attacker to elevate their privileges.
Vulnerability in the Local Security Authority (LSA) service of the Windows operating system, related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to elevate their privileges...
Vulnerability in the fs/quota/dquot.c component of the Linux operating system that allows an attacker to cause a denial of service.
Vulnerability in the fs/quota/dquot.c component of the Linux operating system, related to concurrent execution using shared resources with improper synchronization. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the receive.c component of WireGuard in the Linux operating system that allows an attacker to cause a denial of service.
Vulnerability in the wireguard/receive.c component of the Linux kernel, related to concurrent execution using shared resources with improper synchronization. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Vulnerability in the events_base.c component of the Linux kernel that allows an attacker to cause a denial of service.
Vulnerability in the events_base.c component of the Linux kernel, related to concurrent execution using shared resources with improper synchronization. Exploiting this vulnerability can allow an attacker to cause a denial of service...
CVE-2025-26649
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally...
CVE-2025-27492
CVE-2025-27492 arises from a race condition in Windows Secure Channel (Schannel) due to improper synchronization on a shared resource, enabling a locally authenticated attacker to elevate privileges. The entry is supported by multiple sources noting a Windows Privilege Elevation vulnerability and...
CVE-2025-22014
CVE-2025-22014 relates to the Linux kernel, specifically the QCOM SoC PDR path. The issue is a potential deadlock between processes when a client adds a service lookup (pdr_add_lookup) and a server locator update (pdr_locator_new_server), which can cause the response to queue on the same workqueu...
CVE-2025-22009 regulator: dummy: force synchronous probing
In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing. Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply()...
Windows Secure Channel Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally...
CVE-2024-58131
FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node that has modified the codebase to allow a large min_seal_time value joins a blockchain network...
Vulnerability in the rkisp1_csi_disable() function of the drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c module, a driver responsible for multimedia device support in the Linux operating system, that allows an attacker to cause a denial of service.
Vulnerability in the rkisp1_csi_disable() function of the drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c module: the Linux kernel's multimedia device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability could allow an attacker to caus...
Vulnerability in the section_nr_to_pfn() function of the include/linux/mmzone.h module of the Linux operating system that allows an attacker to cause a denial of service.
Vulnerability in the section_nr_to_pfn() function of the include/linux/mmzone.h module of the Linux operating system, related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a denial of service...