1096 matches found
CVE-2019-19396
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ipattr.c mishandles conn_ixa dereferences...
AZL-61919 CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
Citrix Virtual Apps and Desktops - Citrix.Monitor.exe memory leak
Citrix.Monitor.exe is gradually taking up RAM memory on the Delivery Controller. Number of threads increases every day 200+. Memory usage is very high 1GB+. Process memory dump shows a lot of threads with ‘SendMessagesToPendo’ on the call stack...
CVE-2025-37861
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...
DEBIAN-CVE-2025-37861
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...
SUSE CVE-2025-37750
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
DEBIAN-CVE-2022-49852
In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. A...
AZL-69737 CVE-2025-37750 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...
SUSE CVE-2025-22024
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...
DEBIAN-CVE-2025-22009
In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get with the following call stack: anatop_regulator_probe devm_regulator_register regulator_register regulator_resolve_supply...
CVE-2025-21436
Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56670)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56670 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that...
net: rose: fix timer races against user threads
...
Linux Distros Unpatched Vulnerability : CVE-2024-38667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the...
MAL-2025-1633 Malicious code in threads_api_sample (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdb5d2ffbf67e52e43a62054fde29f4de7d6c5b68dd8fb80a42606e42170325f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-21718
In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...
UBUNTU-CVE-2025-21749
In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind syzbot reported a soft lockup in rose_loopback_timer, with a repro calling bind from multiple threads. rose_bind must lock the socket to avoid this issue...
SUSE CVE-2022-49124
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...