9 matches found
CVE-2025-39747
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup Function msmioctlgeminfosetmetadata now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids GFPNOFAIL due to...
CVE-2025-39763
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...
CVE-2025-40300
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
CVE-2025-48041
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....
CVE-2025-39696
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: tas2781: Fix wrong reference of tasdevicepriv During the conversion to unify the calibration data management, the reference to tasdevicepriv was wrongly set to h-hdapriv instead of h-priv. This resulted in memory...
CVE-2025-39700
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOSMIGRATEHOT,COLD action, the below kernel...
CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-38684
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported schets test-case 1 crashing in etsclassqlennotify after recent changes from Lion 2. The problem is: in etsqdiscchange we purge unused DWRR queues; the...
CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...