9 matches found
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011349)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011349 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
DEBIAN-CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
CVE-2025-40271 fs/proc: fix uaf in proc_readdir_de()
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
CVE-2025-40271 fs/proc: fix uaf in proc_readdir_de()
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...
@actbase/node-server contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
kernel: sch_hfsc: make hfsc_qlen_notify() idempotent
In the Linux kernel, the following vulnerability has been resolved: schhfsc: make hfscqlennotify idempotent hfscqlennotify is not idempotent either and not friendly to its callers, like fqcodeldequeue. Let's make it idempotent to ease qdisctreereducebacklog callers' life: 1. updatevf decreases...
PT-2025-49372
Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.14 through 6.18-rc5 Description A use-after-free UAF issue exists in the proc readdir de function within the Linux kernel. The problem occurs because rb erase is used to remove a proc directory entry pde from the...