3975 matches found
CVE-2022-49976
CVE-2022-49976 relates to Linux kernel code for x86 Android tablet handling, specifically the Chuwi Hi8 touchscreen issue. The vulnerability stems from the x86_android_tablets path calling x86_acpi_irq_helper_get() which may invoke acpi_unregister_gsi(), leading to touchscreen malfunctions and ke...
CVE-2025-38025
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling sw_mode_config. Check that the sw_mode_config function pointer is not NULL before calling it. Not all buses define this callback, which resulted in a NULL pointer dereference...
UBUNTU-CVE-2025-38025
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling sw_mode_config. Check that the sw_mode_config function pointer is not NULL before calling it. Not all buses define this callback, which resulted in a NULL pointer dereference...
pycares has a Use-After-Free Vulnerability
Summary pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. Details Root Cause The vulnerability stems from improper handling of callback...
GHSA-5QPG-RH4J-QP35 pycares has a Use-After-Free Vulnerability
Summary pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. Details Root Cause The vulnerability stems from improper handling of callback...
SUSE-SU-2025:20413-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: hrtimers: Properly handle CPU state during hotplug events. Consider a scenario where a CPU transitions from CPUHP_ONLINE to CPUHP_HRTIMERS_PREPARE after being hot-unplugged, and then back to CPUHP_ONLINE. Since the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nfsd: When trying to queue dl_recall, if the call to nfsd4_run_cb fails, the reference count of dl_stid is not decremented. This leads to a leak of the following objects: unreferenced object 0xffff88812067b578 size 344: Comm “nfsd”,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Do not discard the remove function when the driver is built-in. Using __exit for the remove function causes the remove callback to be discarded when CONFIG_VIDEO_ET8EK8=y is enabled. When such a device is unbound...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: do not use soc_pcm_ret on the .prepare callback. The commit 1f5664351410 states, “ASoC: lower the log severity when no backend DAIs are enabled for …”. This commit ignores the -EINVAL error message when using soc PCM...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/sched: Fixed the leak caused by referencing the fence’s reference count. The last_scheduled fence leak occurs when an entity is being terminated, and the cleanup callback fails. The reference count of prev was decremented...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: NFSD: fixed a hang issue in nfsd4_shutdown_callback. If nfs4_client is in the courtesy state, there is no point in sending the callback. This causes nfsd4_shutdown_callback to hang, as cl_cb_inflight is not set to 0. This hang lasts...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback. Syzkaller has reported a general protection fault in the function ir_raw_event_store_with_filter. This crash occurs due to a NULL pointer dereference of the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode. With ACPI enabled, gicv2m_get_fwnode is registered with the PCI subsystem as pci_msi_get_fwnode_cb. This function may be called during a PCI host bridge probe at runtime...
PrestaShop EuroInformation MoneticoPaiement Security Vulnerability
PrestaShop EuroInformation MoneticoPaiement is a plugin from PrestaShop France for integrating Monetico/CIC/Crédit Mutuel payment gateway into PrestaShop. A security vulnerability exists in PrestaShop EuroInformation MoneticoPaiement versions prior to 1.1.1 that stems from the parameters TPE,...
CVE-2025-2939
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter. This makes it possible for unauthenticated attackers to inject a PHP Object...
WordPress plugin Ninja Tables Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Ninja Tables plugin has a code issue vulnerability that stems from deserialization of untrusted input in the argscallback parameter; an attacker can use thi...
CVE-2025-4672 Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create,...
CVE-2024-21478
Transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA...
CVE-2024-56734
Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on emai...