1145 matches found
CVE-2026-23225
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...
CVE-2026-23225
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...
CVE-2026-23225
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: forkT4 - Switch to per CPU CID...
CVE-2026-23225
CVE-2026-23225 affects the Linux kernel MMCID mode switch logic. The issue arises when the per-other CPU CID ownership state (TRANSIT) is set but the CID is not CPU-owned, causing mm_drop_cid_on_cpu() to clear ONCPU and then touch an invalid bit, yielding an out-of-bounds access. The root cause i...
Linux Distros Unpatched Vulnerability : CVE-2026-23225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF,...
[SECURITY] Fedora 43 Update: fontforge-20230101-19.fc43
FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...
CVE-2025-59892
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
EUVD-2025-206490
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59892
Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...
CVE-2025-59892
Cross-Site Request Forgery (CSRF) vulnerability affecting Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. Root cause: lack of proper CSRF token implementation allows an authenticated user to cause actions on behalf of another user. Practical impact includes unauthentica...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000722)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000722 advisory. The slhcinit function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004026)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004026 advisory. The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgaconscrolldelta out-of-bounds read, aka CID-973c096f6a85. Tenable...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004170)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004170 advisory. A memory leak in the cx23888irprobe function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of servi...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001380)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001380 advisory. An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004198)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004198 advisory. A memory leak in the unittestdataadd function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004053)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004053 advisory. In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sasdiscover.c because of mishandling of port disconnection during...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001443)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001443 advisory. An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004385)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004385 advisory. An issue was discovered in slcbump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized canframe data,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003840)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003840 advisory. An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hcievent.c has a slab out-of- bounds read in hciextendedinquiryresultevt, aka CID-51c19bf3d5c...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004011)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004011 advisory. In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e. Tenable...