CVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdtreeconnectput under concurrency Under high concurrency, A tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...

CVE-2025-68817

The CVE-2025-68817 entry concerns a Linux kernel ksmbd issue: a use-after-free in ksmbd_tree_connect_put under concurrent disconnect paths. Under high concurrency, a tcon (tree-connection object) can be freed on disconnect while another path still holds a reference and may later call *_put() or w...

CVE-2025-68817

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdtreeconnectput under concurrency Under high concurrency, A tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that BAM is enabled. This often occurs for remotely controlled or remotely power...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in insertextenttree When we get wrong extent info data, and look up extentnode in rb tree, it will cause infinite loop CONFIGF2FSCHECKFS=n. Avoiding this by return NULL and print some kernel messages in th...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Networks: Bridges – Fix for use-after-free due to bypassing the port’s state. 1 Syzbot reported a use-after-free when deleting an expired fdb. This issue arises due to a race condition between the ongoing learning process and the...

What Should We Learn From How Attackers Leveraged AI in 2025?

Old Playbook, New Scale:While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that tree-connected objects may be released prematurely under high concurrency, potentially...

PT-2026-2549

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ksmbd module. Specifically, a use-after-free condition can occur in the ksmbd tree connect put function under conditions of high concurrency...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

ROS-20260112-7305

A vulnerability in the genradixiterpeek function of the include/linux/generic-radix-tree.h module of the Linux operating system kernel is related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVE-2019-2932

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Tree Manager. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2024-34460

The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. This component was removed in 9.5.60602...

CVE-2023-29173

Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a through 2.5...

CVE-2025-23515

Missing Authorization vulnerability in tsecher ts-tree ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ts-tree: from n/a through = 0.1.1...

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...