2995 matches found
CVE-2025-6395
A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...
CVE-2025-7370
Rejected reason: Upon investigtion upstream maintainers discovered this was not a real issue. See the references for more details. See: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430note2494090...
CVE-2025-7424
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...
CVE-2025-38320
In the Linux kernel, the following vulnerability has been resolved: arm64/ptrace: Fix stack-out-of-bounds read in regsgetkernelstacknth KASAN reports a stack-out-of-bounds read in regsgetkernelstacknth. Call Trace: 97.283505 BUG: KASAN: stack-out-of-bounds in regsgetkernelstacknth+0xa8/0xc8...
CVE-2025-38323
In the Linux kernel, the following vulnerability has been resolved: net: atm: add lecmutex syzbot found its way in net/atm/lec.c, and found an error path in lecdattach could leave a dangling pointer in devlec. Add a mutex to protect devlecp uses from lecdattach, lecvccattach and lecmcastattach...
CVE-2025-38328
In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2preallocrawnoderefs result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2preallocrawnoderefs completed successfully. Subsequent logic implies that t...
CVE-2025-38332
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy for BIOS version The strlcat with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway, instead of memset with...
CVE-2025-38322
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in iclupdatetopdownevent The perffuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...
CVE-2025-38336
In the Linux kernel, the following vulnerability has been resolved: ata: patavia: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also...
CVE-2025-38347
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 0 "echo 0...
CVE-2025-38345
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to maliciou...
CVE-2025-38326
In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rqlist in aoedevdowndev An aoe device's rqlist contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blkmq. However, the queue w...
CVE-2025-38346
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE...
CVE-2025-38324
In the Linux kernel, the following vulnerability has been resolved: mpls: Use rcudereferencertnl in mplsrouteinputrcu. As syzbot reported 0, mplsrouteinputrcu can be called from mplsgetroute, where is under RTNL. net-mpls.platformlabel is only updated under RTNL. Let's use rcudereferencertnl in...
CVE-2025-38334
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
CVE-2025-38285
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN in getbpfrawtpregs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpftrace.c:1861 getbpfrawtpregs+0xa4/0x100 kernel/trace/bpftrace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm:...
CVE-2025-38288
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smpprocessorid call trace for preemptible kernels Correct kernel call trace when calling smpprocessorid when called in preemptible kernels by using rawsmpprocessorid. smpprocessorid checks to see if preemption...
CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
CVE-2025-38297
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix potential division-by-zero error in emcomputecosts When the device is of a non-CPU type, tablei.performance won't be initialized in the previous eminitperformance, resulting in division by zero when calculating costs ...
CVE-2025-38295
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smpprocessorid with rawsmpprocessorid in mesonddrpmucreate The Amlogic DDR PMU driver mesonddrpmucreate function incorrectly uses smpprocessorid, which assumes disabled preemption. This leads to kernel...