CVE-2023-53728

The CVE affects the Linux kernel’s posix-timers path, where posix_timer_add() allocates timer IDs by scanning from a cached, last-allocation ID. The loop that searches for a free ID is not properly synchronized with the starting value, because start is read locklessly while the hash lock is acqui...

CVE-2023-53727

CVE-2023-53727 (Linux kernel) : The vulnerability resides in net/sched fq_pie where fq_pie_timer() could stall when configuring a very high number of flows (65536). The fix adds logic to yield the CPU every 2048 flows, reducing stall time to under 150 microseconds on debug kernels and preventing ...

CVE-2023-53725

CVE-2023-53725 affects the Linux kernel Cadence TTC clocksource driver, specifically the ttc_timer_probe path. The vulnerability is described as a memory leak caused by the base IO mapping not being released. The provided fixes replace the non-managed iomap usage with devm_of_iomap() and add clea...

CVE-2023-53725 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

CVE-2023-53712

CVE-2023-53712 relates to the Linux kernel ARM kexec crash handling where the SMP stop notification can be triggered synchronously with interrupts disabled during a crash path. The root issue occurs when a panic is caused by a hrtimer interrupt, which would notify all online CPUs and set them off...

CVE-2022-50563 dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

CVE-2022-50563

CVE-2022-50563 (Linux kernel) describes a use-after-free in the dm thin subsystem when concurrent dm_resume() and dm_destroy() trigger run_timer_softirq(). The root cause is that dm_resume() can re-arm a timer after dm_destroy() has not cancelled it due to suspend status, leading to the timer fir...

CVE-2022-50563 dm thin: Fix UAF in run_timer_softirq()

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...

PT-2025-43128

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-syzkaller-00453-g727dbda16b83 Description The Linux kernel contains an issue within the networking scheduler related to the fq pie Fair Queueing Packet Identifier implementation. Specifically, the fq pie...

WordPress plugin WPC Countdown Timer for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an invalid timer ID search loop limit in the posixtimeradd function, which could lead to an infinite loop...

PT-2025-43176

Name of the Vulnerable Software and Affected Versions WPClever WPC Countdown Timer for WooCommerce versions through 3.1.4 Description The WPC Countdown Timer for WooCommerce software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored...

PT-2025-43126

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ttc timer probe function within the cadence-ttc timer driver. The timer baseaddr resource, obtained through of iomap, was not consistently...

CLSA-2025-1761074747 kernel: Fix of 39 CVEs

nfs: fix UAF in direct writes CVE-2024-26958 - NFSD: Fix the behavior of READ near OFFSETMAX CVE-2022-48827 - thermal: core: prevent potential string overflow CVE-2023-52868 - ath5k: fix OOB in ath5keepromreadpcalinfo5111 CVE-2021-47633 - RDMA/cma: Ensure rdmaaddrcancel happens before issuing...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987660 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100settermios There is a deadlock in sa1100settermios,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987575)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987575 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: fix panic that occurs when timertype has garbage value Currently, when th...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987665 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use deltimersync in fw reset flow of halting poll Substitute deltimer with deltimersync...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987555 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987632)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987632 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211beaconsstop There is a deadlock in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987636 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxubussuspend There is a deadlock in oxubussuspend, which is...