CVE-2025-21763

Summary of CVE-2025-21763 : In the Linux kernel, __neigh_notify() can be invoked without RTNL or RCU protection, creating a potential use-after-free (UAF) scenario in neighbour handling. The mitigation is to apply RCU protection to neighbour notifications to prevent UAF. Connected advisories corr...

CVE-2025-21761 openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovsvportcmdfillinfo ovsvportcmdfillinfo can be called without RTNL or RCU. Use RCU protection and devnetrcu to avoid potential UAF...

UBUNTU-CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

CVE-2022-49380 f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fsbugon in decvalidnodecount As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable...

CVE-2022-49071 drm/panel: ili9341: fix optional regulator handling

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL. Other functions such as mipidbipoweronresetconditional only do a NULL pointer check and will otherwise...

drm/sti: avoid potential dereference of error pointers

...

CVE-2025-0752

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

CVE-2025-0752

CVE-2025-0752 affects OpenShift Service Mesh versions 2.6.3 and 2.5.6 due to improper HTTP header sanitization in Envoy. The issue can enable rate-limiter circumvention, access-control bypass, and may cause CPU/memory exhaustion and replay attacks. Documented impact is limited to these versions; ...

PT-2025-4039 · Red Hat · Openshift Service Mesh

Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3 Description: A flaw was found in OpenShift Service Mesh due to improper HTTP header sanitization in Envoy. This may lead to rate-limiter avoidance, access-control bypass, CPU and memory...

CVE-2025-0752

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IORINGOPREAD did not correctly consume the provided buffer list when CVE-2023-52926 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mienumattr CVE-2024-27407 I...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26907 In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to...

CVE-2024-9310 Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories RAs...

CVE-2024-9310

CVE-2024-9310 concerns TCAS II vulnerabilities where use of software-defined radios and a low-latency processing pipeline can allow RF signals with spoofed location data to be transmitted to aircraft targets. This can make fake aircraft appear on displays and potentially trigger undesired Resolut...

CVE-2024-9310 Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories RAs...

Federal Aviation Administration TCAS 安全漏洞

Federal Aviation Administration TCAS is a traffic alert and collision avoidance system organized by the Federal Aviation Administration FAA in the United States. A security vulnerability exists in Federal Aviation Administration TCAS that originates from an attacker being able to impersonate a...

PT-2025-3713 · Traffic Alert Collision Avoidance System (Tcas) Ii · Collision Avoidance Systems

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves utilizing software-defined radios and a custom low-latency processing pipeline to transmit RF signals with spoofed location data to...

PT-2025-5189 · Unknown · Menus Plus+

Name of the Vulnerable Software and Affected Versions: Menus Plus+ versions 1.9.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL Injection. This means that an attacker could potentially inject malicious SQL cod...

Federal Aviation Administration TCAS 安全漏洞

Federal Aviation Administration TCAS is a traffic alert and collision avoidance system organized by the Federal Aviation Administration FAA in the United States. A security vulnerability exists in Federal Aviation Administration TCAS version 7.1 and prior versions, which stems from a dependency o...

CVE-2025-21638

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...