PyTorch 缓冲区错误漏洞

PyTorch is a Python package open-sourced by PyTorch. A security vulnerability exists in PyTorch version 2.6.0+cu124, which stems from the torch.ops.profiler.callendcallbacksonjitfut function that could lead to memory corruption...

Linux Distros Unpatched Vulnerability : CVE-2024-46861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: Payload too short Payload formatted incorrecly e.g. bad NCM...

Linux Distros Unpatched Vulnerability : CVE-2024-41045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Defer work in bpftimercancelandfree Currently, the same case as previous patch two timer callbacks trying to cancel each other can be invoked through...

Linux Distros Unpatched Vulnerability : CVE-2024-46770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: Add netifdeviceattach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g...

SUSE CVE-2022-49506

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtkdispovlirqhandler and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling peer hash locks and RCU callbacks, which could lead to a deadlock...

PT-2025-9008

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock issue has been identified in the Linux kernel. The problem occurs when the sysfs -store function is called while a queue is frozen, and memory allocation with GFP...

CVE-2022-49732 sock: redo the psock vs ULP protection check

In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 "sock: Introduce sk-skprot-psockupdateskprot" has moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto function. I'm guessing that this was...

DEBIAN-CVE-2022-49568

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: 1 destroy which is called when the VM is being destroyed; 2 release which is called when a device fd is closed. Most KVM devices use...

CVE-2022-49175 PM: core: keep irq flags in device_pm_check_callbacks()

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...

PT-2025-9097 · Git +1 · Net-Snmp

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap buffer overflow issue was identified, which can cause a crash. The crash occurs during the setup engineID, init snmpv3 post premib config, and snmp call callbacks functions...

Astra Linux – Vulnerability in Firefox, Thunderbird

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks were executed for those events. Web content that attempted to use those interfaces would not be able to do so with elevated privileges. However, the presence of these interfaces indicated...

Important: runfinch-finch

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Security update for avahi

This update for avahi fixes the following issues: CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: No longer supply bogus services to callbacks bsc1226586. Tag hardening patches as PATCH-FEATURE-OPENSUSE Remove dependency on /usr/bin/python3 using %python3fixsheba...

SUSE-SU-2025:20103-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2024-52616: Properly randomize query id of DNS packets bsc1233420. Bug fixes: - No longer supply bogus services to callbacks bsc1226586. - Tag hardening patches as PATCH-FEATURE-OPENSUSE - Remove dependency on /usr/bin/python3 using...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the gve module not properly handling XDP xmit callbacks when XDP queues do not exist. This could result in a...

PT-2025-30812

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the platform/x86/dell-wmi-sysman component. A flaw exists in how WMI data blocks are retrieved in sysfs callbacks, potentially leading to issues...

PT-2026-2878

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's block layer related to request queue freezing within sysfs store callbacks. Freezing the request queue during these callbacks can lead to a deadlock...

DEBIAN-CVE-2024-56575

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, devpmdomaindetach requires the caller to ensure proper synchronization of this function...

Security update for avahi

This update for avahi fixes the following issues: CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs bsc1233420 Other fixes: - no longer supply bogus services to callbacks bsc1226586. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...