CVE-2025-57800 Audiobookshelf vulnerable to OIDC token exfiltration and account takeover

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...

UBUNTU-CVE-2025-8860

When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register...

SUSE CVE-2025-38565

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

AZL-66539 CVE-2025-38565 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

CVE-2025-38565

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

DEBIAN-CVE-2025-38565

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

CVE-2025-38565

CVE-2025-38565: In the Linux kernel perf_mmap() path, if buffer allocation fails the code still invokes event_mapped(), which can increment perf_rdpmc_allowed on x86 and leaks references because perf_mmap_close() is not called. The documented fix is to return early on failure to prevent the refer...

CVE-2025-38565 perf/core: Exit early on perf_mmap() fail

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

CVE-2025-38565

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

CVE-2025-38565 perf/core: Exit early on perf_mmap() fail

In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perfmmap fail When perfmmap fails to allocate a buffer, it still invokes the eventmapped callback of the related event. On X86 this might increase the perfrdpmcallowed reference counter. But nothing undoe...

CVE-2025-38563 perf/core: Prevent VMA split of buffer mappings

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is...

CVE-2025-38563 perf/core: Prevent VMA split of buffer mappings

In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is...

Linux Distros Unpatched Vulnerability : CVE-2025-38374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallba...

Linux Distros Unpatched Vulnerability : CVE-2025-38390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Fix memory leak by freeing notifier callback node Commit e0573444edbf...

CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

DEBIAN-CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

UBUNTU-CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

CVE-2025-38549 efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...