`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

RUSTSEC-2025-0132 `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values

A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42148)

bnx2x: multiple UBSAN array-index-out-of-bounds. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504470; scriptversion"1.2";...

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

OESA-2025-2661 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sbminblocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfsbioread" bug. Syzkaller forks multiple processes whic...

kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hidreportrawevent Syzbot reported shift-out-of-bounds in hidreportrawevent. microsoft 0003:045E:07DA.0001: hidfieldextract called with n 128 32! swapper/0...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990755 advisory. In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAPTOMASK Shifting signed 32-bit value by 3...

kernel: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set nchannels after allocating struct cfg80211scanrequest Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscanreq member. Seen with syzkaller: UBSAN:...

kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989631 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989007)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989007 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative dbl2nbperpage l2nbperpage is log2number of blks per page, and the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989086 advisory. In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT0 to BIT4 however we...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990325)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990325 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988664 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989904)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989904 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kvdpm.c Adds bounds check for sumovidmappingentry. Tenable has...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990081)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990081 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988914)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988914 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990374)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990374 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kvdpm.c Adds bounds check for sumovidmappingentry. Tenable has...

FreeBSD : Firefox -- Sandbox escape due to undefined behavior (8b5f4eb3-b808-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8b5f4eb3-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1986185 reports: Sandbox escape due to undefined behavior,...