
159 matches found

CNNVD
added 2025/07/28 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference in the l2cap_sock_resume_cb function...

5.5 CVSS · 6.9 AI score · 0.00066 EPSS
Exploits 0 · References 11
RedhatCVE
added 2025/05/23 8:16 a.m. · 1 views

CVE-2024-12237

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjggetyoutubeinfojustifiedgallerycallback function. This makes it possible for authenticated attackers, with Subscriber-level...

4.3 CVSS · 5.8 AI score · 0.00244 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 6:57 a.m. · 3 views

CVE-2024-33067

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver...

6.1 CVSS · 6.9 AI score · 0.001 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:56 a.m. · 3 views

CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c...

5.5 CVSS · 7.7 AI score · 0.00054 EPSS
Exploits 1
RedhatCVE
added 2025/05/23 3:51 a.m. · 5 views

CVE-2023-33035

Memory corruption while invoking callback function of AFE from ADSP...

7.8 CVSS · 7.2 AI score · 0.0006 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:51 a.m. · 5 views

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from ADSP...

7.8 CVSS · 6.9 AI score · 0.0008 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 2:3 a.m. · 5 views

CVE-2023-33064

Transient DOS in Audio when invoking callback function of ASM driver...

5.5 CVSS · 6.9 AI score · 0.00024 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:7 p.m. · 8 views

CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range...

5.5 CVSS · 6.8 AI score · 0.00044 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:9 p.m. · 3 views

CVE-2020-8354

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution...

7.2 CVSS · 7.4 AI score · 0.00033 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 10:18 a.m. · 3 views

CVE-2019-6172

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution...

6.4 CVSS · 7.4 AI score · 0.00093 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:7 a.m. · 6 views

CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...

6.4 CVSS · 7.3 AI score · 0.00074 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/17 12:18 a.m. · 13 views

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

7.5 CVSS · 7 AI score · 0.00292 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/05/15 12:0 a.m. · 5 views

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver,...

7 AI score · 0.00292 EPSS
Exploits 0 · References 2
CVE
added 2025/05/15 12:0 a.m. · 29 views

CVE-2024-52879

The CVE-2024-52879 issue affects Insyde InsydeH2O kernel variants 5.2–5.7, prior to 05.70.50. The root cause is in the VariableRuntimeDxe driver, where the SMM callback SmmUpdateVariablePropertySmi() uses StrCmp() to compare variable names, potentially causing a buffer over-read. Impact component...

7.5 CVSS · 7 AI score · 0.00292 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/05/01 2:9 p.m. · 6 views

CVE-2022-49830 drm/drv: Fix potential memory leak in drm_dev_init()

In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init drm_dev_init will add drm_dev_init_release as a callback. When drmm_add_action failed, the release function won't be added. As the result, the ref cnt added by device_get in drm_dev_init won...

5.5 CVSS · 5.9 AI score · 0.00051 EPSS
Exploits 0 · References 7
Positive Technologies
added 2025/04/23 12:0 a.m. · 1 views

PT-2025-17632 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.2 through 5.7 before version 05.70.50 Description: An issue was discovered in the InsydeH2O kernel, where the SmmUpdateVariablePropertySmi function, a SMM callback function in the VariableRuntimeDxe driver,...

7.5 CVSS · 6.5 AI score · 0.00292 EPSS
Exploits 0 · References 10
NVD
added 2025/04/16 3:15 p.m. · 6 views

CVE-2025-22025

In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference...

5.5 CVSS · 0.00115 EPSS
Exploits 0 · References 10
RedhatCVE
added 2025/03/22 11:44 a.m. · 3 views

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

8.8 CVSS · 8 AI score · 0.01407 EPSS
Exploits 1 · References 1
Github Security Blog
added 2025/03/20 12:32 p.m. · 7 views

LiteLLM Vulnerable to Remote Code Execution (RCE)

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

8.8 CVSS · 8 AI score · 0.01407 EPSS
Exploits 1 · References 5 · Affected Software 1
NVD
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-6825

BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function...

8.8 CVSS · 0.01407 EPSS
Exploits 1 · References 2