GHSA-V8V5-48X9-6R8P vulnerabilities

Vulnerabilities for packages: binutils...

GHSA-GWQ6-FMVP-QP68 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

GHSA-Q93H-5J3X-2H4V vulnerabilities

Vulnerabilities for packages: binutils...

firefox: thunderbird: Use-after-free in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Audio/Video component...

CVE-2025-40168

In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in smcclcprfxmatch. smcclcprfxmatch is called from smclistenwork and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the returned value o...

CVE-2025-40170

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

CVE-2025-40157

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nmedac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in...

CVE-2025-40163

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dlserver before CPU goes offline IBM CI tool reported kernel warning1 when running a CPU removal operation through drmgr2. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219...

CVE-2025-40159

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

CVE-2025-40157

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nmedac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in...

CVE-2025-40153

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect to a large hugetlb memory area in our customer's workload 300GB hugetlb memory, soft lockup was observed: watchdog: BUG: soft lockup - CPU98...

CVE-2025-40122

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVE-2025-63396

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service DoS...

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

ROS-20251111-04

Vulnerability of mlx5 driver Poll Mode Driver of DPDK package is related to incorrect data processing when working with Mellanox network devices. with Mellanox network devices. Exploitation of the vulnerability could allow an attacker, remotely to cause information disclosure or denial of service...

CVE-2025-64181

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...

CVE-2021-32256 affecting package gdb for versions less than 11.2-10

CVE-2021-32256 affecting package gdb for versions less than 11.2-10. A patched version of the package is available...