PT-2025-51722
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.0-570.12.1.bringup7.el9.s390x. Description: The Linux kernel contained a flaw where a deadlock could occur between PCI error recovery and mlx5 crdump operations on the s390 architecture. Specifically, the...
PT-2025-51577
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's ext4 file system implementation related to memory allocation within the extended attribute handling routines. Specifically, the ext4 xattr inode cache...
SUSE CVE-2023-53777
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could ...
SUSE CVE-2023-53742
In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info: | ESR = 0x9600002121 | EC = 0x25: DABT current EL, IL = 32...
EUVD-2025-201197
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix scx_enable() crash on helper kthread creation failure A crash was observed when the sched_ext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scx_enable.constprop.0+0x358/0x12b...
EUVD-2025-201209
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -...
CVE-2025-40218
CVE-2025-40218: In the Linux kernel, DAMON’s vaddr implementation was retrying pte_offset_map_lock() on failure, which could loop in scenarios where the target is a PMD migration entry, potentially causing a soft lockup when DAMON runs in parallel with CPU hotplug. The fix removes the retry-on-fa...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious Package
Overview integrator-2830 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview integrator-2829 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
SUSE CVE-2025-40120
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772 in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_driver flag is ineffective. O...
Malicious code in avangi-oliuka-tamoki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2efbd386b21e332ed66af1857e91e6bf520042331231c42bb2135adf4384e4b6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
UBUNTU-CVE-2025-40168
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the returned value o...
Malicious code in siska-oblok95-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 772c035a43f854203fca5e79dc0dc667ead053a52e702edb254e64989b30479f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious Package
Overview bcryptjs-node-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989789)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989789 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990361)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990361 advisory. In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may...
Malicious Package
Overview jsonretype is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...