Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in...
Important: Red Hat Security Advisory: VolSync v0.13 security fixes and container updates
VolSync v0.13 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
UBUNTU-CVE-2025-39886
In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from __bpf_async_init() can cause various locking issues; see the following stack trace (edited for style) as one example: ... 10.011566...
CVE-2025-39886
CVE-2025-39886 in the Linux kernel relates to a locking issue triggered when bpf_map_kmalloc_node() is called from __bpf_async_init(), potentially affecting memcg accounting and causing MEMCG_MAX events. The documented fix changes the bpf_timer_init() path to use allow_spinning=false and, per ups...
Semantic-Aware Fuzzing: an Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation
Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively exploring code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...
CVE-2025-55888
Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution i...
atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent (bsc#1245110). CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path...
CVE-2023-53442
Technical details about CVE-2023-53442 are not present in the provided connected documents. The SUSE/Tenable entries reference kernel fixes in general but do not disclose affected products/versions or specific exploit vectors here. Monitor for official patch specifics.
UBUNTU-CVE-2023-53374
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early Not calling hci_disconnect_cfm before deleting conn referred to by a socket generally results to use-after-free. When cleaning up SCO connections when the parent...
CVE-2023-53374 Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early Not calling hci_disconnect_cfm before deleting conn referred to by a socket generally results to use-after-free. When cleaning up SCO connections when the parent...
DEBIAN-CVE-2023-53344
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN:...
SUSE CVE-2023-53231
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio() can be called under rcu lock from blk_mq_flush_plug_list(). See the stacktrace [1] In such case we should hand off th...
CVE-2025-39828 atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called to send an in-kernel special message. The...
CLSA-2025-1758009294 kernel: Fix of 3 CVEs
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() CVE-2025-38352 - sch_qfq: make qfq_qlen_notify() idempotent CVE-2025-38177 - sch_hfsc: make hfsc_qlen_notify() idempotent CVE-2025-38177 - sch_drr: make drr_qlen_notify() idempotent CVE-2025-38177 - sch_htb: make htb_qlen_notify()...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (CVE-2022-50327) In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps (CVE-2024-49861) In the Linux...
Important: Red Hat Security Advisory: VolSync v0.12 security fixes and container updates
VolSync v0.12 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2023-53231 erofs: Fix detection of atomic context
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio() can be called under rcu lock from blk_mq_flush_plug_list(). See the stacktrace [1] In such case we should hand off th...
PT-2025-49034
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to a livelock in synchronous file put operations from fuseblk workers. This issue can lead to a hang when running tests that involve opening a...
WordPress plugin Salon Booking System security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...