EUVD-2025-24190

Malicious code in bioql PyPI...

RLSA-2025:7956 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: dm-flakey: Fix memory corruption in optional corruptbiobyte feature CVE-2025-21966 kernel: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 For more...

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

SUSE CVE-2021-4460

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If getnumsdmaqueues or getnumxgmisdmaqueues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is...

SUSE CVE-2023-53474

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bankmap Thee maximum number of MCA banks is 64 MAXNRBANKS, see a0bc32b3cacf "x86/mce: Increase maximum number of banks to 64". However, the bankmap which contains a bitfield of which banks to initializ...

UBUNTU-CVE-2023-53513

In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviour in fs/buffer.c:1709:35 signed integer...

CVE-2021-4460

CVE-2021-4460 affects the Linux kernel drm/amdkfd path. The issue is a UBSAN shift-out-of-bounds warning when get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, causing a shift by the operand’s bit width (undefined behavior). The fix changes the code to set num_sdma_queues or num_xgmi_sdma_que...

CVE-2023-53485 fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 index -84 is out of range for type 's8341' aka 'signed char341'...

UBUNTU-CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

PT-2025-40104

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/amdkfd module. A shift-out-of-bounds warning can occur if get num sdma queues or get num xgmi sdma queues returns 0, leading to a shift...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a shift operation in which the number of shift bits equals the number of operand bits, which could lead to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an incorrectly handled RX metadata pointer retrieval error that could result in a crash or undefined behavior...

K000156730: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2021-20176 A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from...

K000156722: Multiple ImageMagick vulnerabilities

Security Advisory Description CVE-2020-27763 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to applicati...

firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics...

firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics...

CVE-2025-10456

A vulnerability was identified in the handling of Bluetooth Low Energy BLE fixed channels such as SMP or ATT. Specifically, an attacker could exploit a flaw that causes the BLE target i.e., the device under attack to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth...

Linux Distros Unpatched Vulnerability : CVE-2022-50366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large...

CVE-2025-10456

CVE-2025-10456 concerns BLE fixed-channel handling (SMP/ATT) in Zephyr RTOS. The root issue: a device may be tricked into sending a disconnection request for a fixed channel, which is disallowed by the Bluetooth spec, triggering undefined behavior such as assertion failures, crashes, or memory co...

PT-2025-38514

Name of the Vulnerable Software and Affected Versions Bluetooth Low Energy BLE affected versions not specified Description A flaw exists in the handling of Bluetooth Low Energy BLE fixed channels, such as SMP or ATT. An attacker can exploit this issue, causing the BLE target device to attempt to...