CVE-2025-40216 io_uring/rsrc: don't rely on user vaddr alignment

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of ...

CVE-2025-40216

CVE-2025-40216 concerns Linux kernel code for io_uring/rsrc: the fix removes a flawed bit-mask/offset calculation that assumed user pointer alignment when coalescing the first page into a folio. The vulnerability description across multiple sources states there is no guaranteed user pointer align...

CVE-2025-40216

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of ...

CVE-2025-40216 io_uring/rsrc: don't rely on user vaddr alignment

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unverified user virtual address alignment, which could lead to memory access errors...

PT-2025-49027

In the Linux kernel, the following vulnerability has been resolved: io uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of...

Service Catalog is Here: Expand Risk Visibility for Your Service and Its Dependencies, Simplify Issue Ownership

Give security and developers a shared view of cloud risk, aligned to the way applications are built and maintained...

Frequency Bias Matters: Diving into Robust and Generalized Deep Image Forgery Detection

As deep image forgery powered by AI generative models, such as GANs, continues to challenge today's digital world, detecting AI-generated forgeries has become a vital security topic. Generalizability and robustness are two critical concerns of a forgery detector, determining its reliability when...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44949)

parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with...

NegBLEURT Forest: Leveraging Inconsistencies for Detecting Jailbreak Attacks

Jailbreak attacks designed to bypass safety mechanisms pose a serious threat by prompting LLMs to generate harmful or inappropriate content, despite alignment with ethical guidelines. Crafting universal filtering rules remains difficult due to their inherent dependence on specific contexts. To...

Decoupling Bias, Aligning Distributions: Synergistic Fairness Optimization for Deepfake Detection

Fairness is a core element in the trustworthy deployment of deepfake detection models, especially in the field of digital identity security. Biases in detection models toward different demographic groups, such as gender and race, may lead to systemic misjudgments, exacerbating the digital divide...

StyleBreak: Revealing Alignment Vulnerabilities in Large Audio-Language Models Via Style-Aware Audio Jailbreak

Large Audio-language Models LAMs have recently enabled powerful speech-based interactions by coupling audio encoders with Large Language Models LLMs. However, the security of LAMs under adversarial attacks remains underexplored, especially through audio jailbreaks that craft malicious audio promp...

kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arenamapfree on 64k page kernel On an aarch64 kernel with CONFIGPAGESIZE64KB=y, arenahtab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turn...

kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arenamapfree on 64k page kernel On an aarch64 kernel with CONFIGPAGESIZE64KB=y, arenahtab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. It turn...

EASE: Practical and Efficient Safety Alignment for Small Language Models

Small language models SLMs are increasingly deployed on edge devices, making their safety alignment crucial yet challenging. Current shallow alignment methods that rely on direct refusal of malicious queries fail to provide robust protection, particularly against adversarial jailbreaks. While...

Quantifying the Risk of Transferred Black Box Attacks

Neural networks have become pervasive across various applications, including security-related products. However, their widespread adoption has heightened concerns regarding vulnerability to adversarial attacks. With emerging regulations and standards emphasizing security, organizations must...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990566)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990566 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add...

CVE-2025-61084

MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989490 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Fix alignment problem in bpfprogtestrunskb We got a syzkaller problem because of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989849)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989849 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of BUGENTRY When CONFIGDEBUGBUGVERBOSE=n, we fail to add...