CVE-2025-40349

CVE-2025-40349 affects the Linux kernel’s hfs/hfsplus_bmap_alloc path. The bug occurs when hfsplus_bmap_alloc retrieves a bitmap using node info and an offset/length that may exceed node_size, risking slab-out-of-bounds page access. The referenced patch adds validation for both offset and length ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991156 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: keep allochash updated after hash allocation In commit 599be01ee567 netsched: fix an OO...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991128 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if...

DEBIAN-CVE-2022-50646

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc

...

UBUNTU-CVE-2025-40260

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix scxenable crash on helper kthread creation failure A crash was observed when the schedext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scxenable.constprop.0+0x358/0x12b...

SUSE CVE-2025-34297

KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kissfftalloc in kissfft.c on platforms where sizet is 32-bit. The nfft parameter is not validated before being used in a size calculation sizeofkissfftcpx nfft - 1, which can wrap to a small value when nfft is large...

CVE-2025-34297

KissFFT contains an integer overflow in kiss_fft_alloc() (kiss_fft.c) on 32-bit platforms due to an unvalidated nfft in the size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)). This can cause an undersized malloc and a subsequent loop to write nfft elements, resulting in a heap buffer overflow. ...

KISS FFT 输入验证错误漏洞

KISS FFT is a Fourier Transform computational library by mborgerding individual developers. An input validation error vulnerability exists in versions of KISS FFT prior to 1b083165, which stems from an integer overflow in the function kissfftalloc in kissfft.c, which could result in a heap buffer...

mruby/c 代码问题漏洞

mruby/c is a C language library in the ITOC mruby/c team.open source. A code issue vulnerability exists in mruby/c version 3.4 and earlier, which stems from improper manipulation of the parameter ptr to function mrbcrawrealloc in file src/alloc.c, which may result in a null pointer dereference...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-47668)

lib/generic-radix-tree.c: race in genradixptralloc. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504685; scriptversion"1.3";...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990921)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990921 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 slab: Warn...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2024-50246)

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr allocsize check This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...

CVE-2025-40207 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2subdevcallstatetry v4l2subdevcallstatetry macro allocates a subdev state with v4l2subdevstatealloc, but does not check the returned value. If v4l2subdevstatealloc fails, it retur...

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode returns true and nilfsfreeinode...

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode returns true and nilfsfreeinode...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990789 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk-skforwardalloc warning of skstreamkillqueues When running testsockmap...

kernel: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfpappctrlmsgalloc Add check for the return value of nfpappctrlmsgalloc in nfpbpfcmsgalloc to prevent null pointer dereference...

kernel: net/sched: cls_api: fix error handling causing NULL dereference

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode returns true and nilfsfreeinode...