CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-9408

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

EUVD-2025-124924

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

CVE-2025-40159

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

UBUNTU-CVE-2025-40159

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

CVE-2025-40159 xsk: Harden userspace-supplied xdp_desc validation

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

CVE-2025-40159

The CVE-2025-40159 entry concerns the Linux kernel XDP/AF_XDP path (xsk) where unsafely constructed xdp_desc values from userspace could bypass validation in xp_{,un}aligned_validate_desc() and cause overflows to queue invalid frames. Root cause details from the description: desc->len near U32...

PT-2025-46634

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the xsk module related to the validation of userspace-supplied xdp desc. Specifically, certain invalid values provided in the xdp desc from userspace...

CVE-2025-9408

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

CVE-2025-9408

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

CVE-2025-9408

CVE-2025-9408 describes a race condition in the system call entry path on Cortex-M ( Zephyr RTOS context in the provided docs ) that enables privilege escalation by malicious userspace processes. The available connected documents confirm the issue and its impact but do not specify concrete exploi...

CVE-2025-9408 Userspace privilege escalation vulnerability on Cortex M

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

CVE-2025-9408 Userspace privilege escalation vulnerability on Cortex M

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

EUVD-2025-84338

System call entry on Cortex M and possibly R and A, but I think not has a race which allows very practical privilege escalation for malicious userspace processes...

kernel: inotify: Avoid reporting event with invalid wd

A race condition was found in the Linux kernel's inotify subsystem. When inotifyfreeingmark races with inotifyhandleinodeevent, the event handler may read imark-wd after it has been reset to -1. This causes an invalid watch descriptor value of -1 to be reported to userspace applications,...

kernel: x86/tdx: Fix "in-kernel MMIO" check

A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO Memory-Mapped IO operations in TDX Trust Domain Extensions on its behalf, allowing a VE Virtualization Exception to be incorrectly handled as a in-kernel MMIO operation...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from a contention condition in the entry point of a system call, which could lead to elevation of privilege by a malicious userspace process...

PT-2025-46349

Name of the Vulnerable Software and Affected Versions versions prior to 2025-9408 Description A race condition exists during system call entry on Cortex M processors, potentially allowing privilege escalation for malicious user space processes. It is possible this issue may also affect Cortex R a...

USN-7862-2: Linux kernel vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7860-5: Linux kernel (HWE) vulnerability

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...