67 matches found

CVE
added 2026/05/08 1:11 p.m., 7 views

CVE-2025-71298

In CVE-2025-71298, the Linux kernel fix targets drm_gem_shmem_madvise_locking: the GEM object reservation lock is now held around the madvise path to correct locking in shmem tests. The update exposes a dedicated helper drm_gem_shmem_madvise() for Kunit tests (not intended as a driver interface)....

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm News
added 2026/05/08 12:0 a.m., 4 views

SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code Via Prompt Optimization

LLM coding agents now generate code at an unprecedented scale, yet LLM-generated code introduces cybersecurity vulnerabilities into codebases without human involvement. Even when frontier models are explicitly asked to write secure production code with relevant weaknesses to avoid in context, we...

AI score 5.8
Exploits: 0
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000 page: refcount:0 mapcount:0 mapping:0000000000000000...

CVSS 7.8 | AI score 6.2 | EPSS 0.00036
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/07 9:31 a.m., 3 views

org.apache.activemq:activemq-http (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.1) +4 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930952...

CVSS 4.3 | AI score 5.8 | EPSS 0.00077
Exploits: 0
OPENSUSE Linux
added 2026/03/30 12:0 a.m., 1 views

Security update for obs-service-set_version (moderate)

openSUSE Security Update: Security update for obs-service-set_version Announcement ID: openSUSE-SU-2026:0108-1 Rating: moderate References: 1072359 1212476 866966 Cross-References: CVE-2014-0593 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has two...

CVSS 10 | AI score 7.2 | EPSS 0.0047
Exploits: 0 | References: 3
CVE
added 2025/09/16 8:11 a.m., 9 views

CVE-2023-53303

CVE-2023-53303 affects the Linux kernel in the net: microchip: vcap API. The vulnerability is a memory leak in vcap_dup_rule() when kmemdup() fails after kzalloc() succeeds under CONFIG_VCAP_KUNIT_TEST. The leak can leave allocated resources (duprule, ckf, caf) unreleased, as shown by the unrefer...

CVSS 5.5 | AI score 6.1 | EPSS 0.00025
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2025/08/22 4:0 p.m., 14 views

CVE-2025-38651

Summary: CVE-2025-38651 concerns the Linux kernel landlock component. A bug in get_id_range() could receive a non-positive value because get_random_u8() may return 0, triggering an unsafe first argument. The fix clamps the value to ensure positivity. The vulnerability was discussed in kernel-land...

CVSS 5.5 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm News
added 2025/06/08 12:0 a.m., 2 views

SCGAgent: Recreating the Benefits of Reasoning Models for Secure Code Generation with Agentic Workflows

Large language models (LLMs) have seen widespread success in code generation tasks for different scenarios, both everyday and professional. However, current LLMs, despite producing functional code, do not prioritize security and may generate code with exploitable vulnerabilities. In this work, we...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/05/15 12:0 a.m., 4 views

SafeTrans: LLM-Assisted Transpilation from C to Rust

Rust is a strong contender for a memory-safe alternative to C as a "systems" programming language, but porting the vast amount of existing C code to Rust is a daunting task. In this paper, we evaluate the potential of large language models (LLMs) to automate the transpilation of C code to idiomatic...

AI score 7.1
Exploits: 0
SUSE CVE
added 2025/01/10 12:21 a.m., 1 views

SUSE CVE-2024-56628

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000 page: refcount:0 mapcount:0 mapping:0000000000000000...

CVSS 7.8 | AI score 7.4 | EPSS 0.00036
Exploits: 0 | References: 3
OSV
added 2025/01/07 3:4 p.m., 22 views

OPENSUSE-SU-2025:0003-1 Security update for etcd

This update for etcd fixes the following issues: Update to version 3.5.12: Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 test: fix TestHashKVWhenCompacting: ensure all goroutine finished print error log when creating peer listener failed mvcc: Printing etcd backend database related...

CVSS 9.8 | AI score 7.8 | EPSS 0.54214
Exploits: 3 | References: 10
Github Security Blog
added 2024/12/02 6:34 p.m., 14 views

PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

CVSS 7.5 | AI score 7 | EPSS 0.01019
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2024/12/02 6:34 p.m., 0 views

GHSA-75C5-XW7C-P5PM PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

CVSS 2.2 | AI score 7.1 | EPSS 0.01019
Exploits: 1 | References: 5
OSV
added 2024/11/05 6:15 p.m., 1 views

UBUNTU-CVE-2024-50113

In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 "firewire: core: use helper functions for self ID sequence", the enumeration over self ID sequence was refactored with some helper functions with...

CVSS 5.5 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 8
RubySec
added 2024/09/19 12:0 a.m., 23 views

protobuf-java has potential Denial of Service issue

Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...

CVSS 8.7 | AI score 6.8 | EPSS 0.00134
Exploits: 0 | References: 1 | Affected Software: 1
SUSE CVE
added 2024/08/06 1:59 a.m., 1 views

SUSE CVE-2024-42146

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf Any kunit doing any memory access should get their own runtime_pm outer references since they don't use the standard driver API entries. In special this dmabuf from th...

CVSS 4.2 | AI score 7.8 | EPSS 0.00017
Exploits: 0 | References: 3
SUSE CVE
added 2024/06/01 2:24 a.m., 1 views

SUSE CVE-2024-36019

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop When keeping the upper end of a cache block entry, the entry array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was...

CVSS 6.6 | AI score 6.9 | EPSS 0.00034
Exploits: 0 | References: 14
Tenable Nessus
added 2024/05/28 12:0 a.m., 10 views

Oracle Linux 8 : Image / builder / components (ELSA-2024-2961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2961 advisory. osbuild 110-1 - New upstream release 109-1 - New upstream release 106-1 - New upstream release 105-1 - New upstream release 104-2 - Fix unit tests in RHEL CI by...

CVSS 6.1 | AI score 6.2 | EPSS 0.00017
Exploits: 0 | References: 2
Oracle linux
added 2024/05/24 12:0 a.m., 13 views

Image builder components bug fix, enhancement and security update

osbuild 110-1 - New upstream release 109-1 - New upstream release 106-1 - New upstream release 105-1 - New upstream release 104-2 - Fix unit tests in RHEL CI by backporting upstream fixes 104-1 - New upstream release 101-1 - New upstream release 100-2 - Change unit-test timeout from 3h to 4h 100-...

CVSS 6.1 | AI score 6.8 | EPSS 0.00017
Exploits: 0
OSV
added 2024/05/17 3:15 p.m., 0 views

UBUNTU-CVE-2023-52679

In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. Thi...

CVSS 7.8 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 19