CVE-2022-50715

CVE-2022-50715 — Linux kernel md/raid1 NULL dereference during poweroff . When an md raid1 array fails to assemble with an inactive disk, the mdx_raid1 thread is not stopped, leading to a NULL pointer dereference during poweroff. The working fix is to unregister the md thread before freeing RAID1...

CVE-2022-50715 md/raid1: stop mdx_raid1 thread when raid1 array run failed

In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdxraid1 thread were not stop, Even if the associated resources have been released. it wi...

UBUNTU-CVE-2025-68368

In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddevinit IO operations may be needed before mdrun, such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, addres...

CVE-2025-68375 perf/x86: Fix NULL event access and potential PEBS record loss

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix NULL event access and potential PEBS record loss When intelpmudrainpebsicl is called to drain PEBS records, the perfeventoverflow could be called to process the last PEBS record. While perfeventoverflow could trigge...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for negative user-supplied index values, which could result in an array underflow read...

PT-2025-53212

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s maple tree implementation, specifically within the mas wr end piv function. The issue involves a potential out-of-bounds access when determining the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not stopping a thread when an array run fails, which could result in a null pointer dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an array out-of-bounds, which could lead to an out-of-bounds error...

PT-2026-2607

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The rose kill by device function in the Linux kernel incorrectly indexes an array, potentially leading to an out-of-bounds read or an invalid socket pointer dereference. The function...

Updated php packages fix security vulnerabilities

Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...

MGASA-2025-0330 Updated php packages fix security vulnerabilities

Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DeleteSess and Sess functions in the session lookup/deletion process. An attacker can cause a crash of the service by sending a specially crafted request with a very large SEID value, leading t...

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVE-2025-14896

CVE-2025-14896 affects Vega. The issue is insufficient sanitization in Vega’s convert() function when safeMode is enabled and the diagram spec is an array. An attacker can craft a malicious Vega diagram specification that can cause requests to arbitrary URLs, including local filesystem paths, pot...

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVE-2025-14896

due to insufficient sanitazation in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

PT-2025-52263

Name of the Vulnerable Software and Affected Versions Vega affected versions not specified Description The software contains a flaw due to inadequate input validation within the convert function when safeMode is active and the spec variable is an array. This allows an attacker to create a special...

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow bsc1254208...