Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in addmissingindices CVE-2025-38204 In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayedfree CVE-2025-38206 In the Linux...

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: bpf: Don't use tnumrange on array range checking for poke descriptors CVE-2022-49985 kernel: posix-cpu-timers: fix race between...

SQLite FTS5 安全漏洞

SQLite FTS5 is a full-text search virtual table module for SQLite open source. A security vulnerability exists in SQLite FTS5 that stems from an integer overflow when calculating the size of an array of tombstone pointers, which could result in an out-of-bounds write...

PT-2025-37749

Name of the Vulnerable Software and Affected Versions: is-arrayish versions prior to 0.3.4 Description: The is-arrayish package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactio...

iio: imu: bno055: fix OOB access of hw_xlate array

...

CVE-2025-0034

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVSPATIALPART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2024-21970

CVE-2024-21970 describes improper validation of an array index in the AND power Management Firmware, causing possible AGESA memory corruption and loss of integrity when exploited by a privileged attacker. Connected documents identify affected AMD Client Processor platforms and indicate mitigation...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2024-21970

Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity...

CVE-2023-31306

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management DPM functions resulting in an out of bounds read and loss of availability...

CVE-2023-31306

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management DPM functions resulting in an out of bounds read and loss of availability...

CVE-2023-31306

CVE-2023-31306 concerns the AMD graphics driver software and its dynamic power management (DPM) handling. The root cause is improper validation of an array index, which can enable passing malformed arguments to DPM functions, causing an out-of-bounds read and resulting in loss of availability. Th...

CVE-2023-31306

Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management DPM functions resulting in an out of bounds read and loss of availability...

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD Graphics Driver that stems from insufficient validation of array indexes, which could lead to out-of-bounds reads and loss of availability...

PT-2025-36385

Name of the Vulnerable Software and Affected Versions: AND power Management Firmware affected versions not specified Description: Improper validation of an array index within the firmware could allow a privileged attacker to corrupt AGESA memory, potentially leading to a loss of system integrity...

Linux Distros Unpatched Vulnerability : CVE-2025-39690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized sta...

AMD Embedded Processors和AMD Client Processor 安全漏洞

AMD Embedded Processors and AMD Client Processor are both products of AMD Semiconductor, Inc.AMD Embedded Processors are a family of embedded high-performance GPUs.AMD Client Processor is a processor for client devices such as personal computers, AMD Embedded Processors and AMD Client Processors...

PT-2025-36377

Name of the Vulnerable Software and Affected Versions: AMD graphics driver software affected versions not specified Description: Improper validation of an array index within the software could allow an attacker to pass malformed arguments to the dynamic power management DPM functions. This can...

CVE-2025-39690

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...