UBUNTU-CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a shift operation in which the number of shift bits equals the number of operand bits, which could lead to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an incorrectly handled RX metadata pointer retrieval error that could result in a crash or undefined behavior...

PT-2025-40104

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/amdkfd module. A shift-out-of-bounds warning can occur if get num sdma queues or get num xgmi sdma queues returns 0, leading to a shift...

K000156730: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2021-20176 A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from...

K000156722: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2020-27763 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applicati...

firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics...

firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics...

CVE-2025-10456

A vulnerability was identified in the handling of Bluetooth Low Energy BLE fixed channels such as SMP or ATT. Specifically, an attacker could exploit a flaw that causes the BLE target i.e., the device under attack to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth...

Linux Distros Unpatched Vulnerability : CVE-2022-50366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large...

CVE-2025-10456

CVE-2025-10456 concerns BLE fixed-channel handling (SMP/ATT) in Zephyr RTOS. The root issue: a device may be tricked into sending a disconnection request for a fixed channel, which is disallowed by the Bluetooth spec, triggering undefined behavior such as assertion failures, crashes, or memory co...

PT-2025-38514

Name of the Vulnerable Software and Affected Versions Bluetooth Low Energy BLE affected versions not specified Description A flaw exists in the handling of Bluetooth Low Energy BLE fixed channels, such as SMP or ATT. An attacker can exploit this issue, causing the BLE target device to attempt to...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from a flaw in the handling of the Bluetooth Low Energy Fixed Channel, which could lead to undefined behavior, including assertion failure, crashes, or memory...

SUSE CVE-2022-50390

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...

CVE-2022-50403

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

CVE-2022-50403

In the Linux kernel, the following vulnerability has been resolved: ext4: fix undefined behavior in bit shift for ext4checkflagvalues Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds i...

CVE-2022-50403

CVE-2022-50403 is documented in connected advisories as a kernel/ext4 issue: undefined behavior in a bit-shift check within ext4_check_flag_values. Red Hat RHSA-2025-23947 (RHEL 7 kernel) and RHSA-2025-23445 (RHEL 8 kernel) enumerate this CVE among security fixes for the kernel. Affected componen...

CVE-2022-50390

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...

DEBIAN-CVE-2022-50390

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTMTTFLAGPRIVPOPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN:...

UBUNTU-CVE-2023-53395

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of...