CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

JLSEC-2025-332 A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

RUSTSEC-2025-0132 `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42148)

bnx2x: multiple UBSAN array-index-out-of-bounds. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504470; scriptversion"1.2";...

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

OESA-2025-2661 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sbminblocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfsbioread" bug. Syzkaller forks multiple processes whic...

kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hidreportrawevent Syzbot reported shift-out-of-bounds in hidreportrawevent. microsoft 0003:045E:07DA.0001: hidfieldextract called with n 128 32! swapper/0...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990755 advisory. In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAPTOMASK Shifting signed 32-bit value by 3...

kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for...

kernel: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989086 advisory. In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT0 to BIT4 however we...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989007)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989007 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative dbl2nbperpage l2nbperpage is log2number of blks per page, and the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990325)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990325 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990081)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990081 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989631 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988664 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array...