DEBIAN-CVE-2022-50332

In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfbdisable before removing PCI devices Call sysfbdisable from apertureremoveconflictingpcidevices before removing PCI devices. Without, simpledrm can still bind to simple-framebuffer devices after the...

CVE-2022-50292

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

DEBIAN-CVE-2022-50292

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2022-50332

CVE-2022-50332 concerns a Linux kernel issue in video/aperture where sysfb_disable() must be called from aperture_remove_conflicting_pci_devices() before removing PCI devices to prevent simpledrm from binding to simple-framebuffer devices after the driver takes over. The vulnerability is describe...

CVE-2022-50332 video/aperture: Call sysfb_disable() before removing PCI devices

In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfbdisable before removing PCI devices Call sysfbdisable from apertureremoveconflictingpcidevices before removing PCI devices. Without, simpledrm can still bind to simple-framebuffer devices after the...

CVE-2022-50292 drm/msm/dp: fix bridge lifetime

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

CVE-2022-50292

The CVE-2022-50292 entry concerns the Linux kernel DRM MSM DP bridge lifetime issue. Device-managed resources allocated after component bind must be tied to the lifetime of the aggregate DRM device; if not, resources may leak or binding may fail on retry. For DP bridges, bridges allocated earlier...

CVE-2022-50292 drm/msm/dp: fix bridge lifetime

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...

PT-2025-37594

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel’s DRM/msm/dp subsystem related to the lifetime management of DP bridges. Device-managed resources allocated after component binding were not properly...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper DP bridge lifecycle management, which could result in a resource leak or device binding failure...

PT-2025-37850

Name of the Vulnerable Software and Affected Versions: macOS Tahoe version 26 macOS Sequoia versions 15.7 macOS Sonoma version 14.8 tvOS version 26 visionOS version 26 watchOS version 26 iOS versions prior to 18.7 iPadOS versions prior to 18.7 Description: A logic issue was addressed with improve...

PT-2025-37634

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.0.3 Description A flaw exists in the Linux kernel related to the handling of PCI devices and simple framebuffer devices. Specifically, the sysfb disable function was not being called before removing PCI devices, leading...

SUSE CVE-2025-39774

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device e.g., a thermal hardware blo...

DEBIAN-CVE-2025-39774

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device e.g., a thermal hardware blo...

UBUNTU-CVE-2025-39774

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier for another device e.g., a thermal hardware blo...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-38352link is external Linux Kernel Time-of-Check Time-of-Use TOCTOU Race Condition Vulnerability CVE-2025-48543link is external Android Runtime Unspecifi...

vsock: Do not allow binding to VMADDR_PORT_ANY

...

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-49146)

Summary The following vulnerabilities that can affect IBM Storage Scale and the Management GUI and could provide weaker than expected security are now fixed CVE-2025-49146. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and unt...

Linux Distros Unpatched Vulnerability : CVE-2025-38618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made ...

Linux Distros Unpatched Vulnerability : CVE-2023-32249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: not allow guest user on multichannel This patch return STATUSNOTSUPPORTED if binding session is guest. CVE-2023-32249 Note that Nessus relies on the...