UBUNTU-CVE-2022-50786

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic...

CVE-2023-54184

Summary (CVE-2023-54184) The vulnerability affects the Linux kernel SCSI target (iscsi_target_mod) where recovery entries for iSCSI sessions are freed after the session is closed, leading to use-after-free or NULL dereference during command free due to a late cleanup. The root cause is the cleanu...

CVE-2022-50785 fsi: occ: Prevent use after free

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use getdevice and putdevice in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

CVE-2022-50786 media: s5p-mfc: Clear workbit to handle error condition

In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc execution NULL pointer dereferencing of this context led to kernel panic...

CVE-2022-50785

The CVE-2022-50785 entry describes a Linux kernel use-after-free in fsi: occ where a device could be freed while a file descriptor is open. The root cause and mitigation are specified: use get_device and put_device in open/close functions to keep the device alive while a descriptor is open, and a...

CVE-2022-50785 fsi: occ: Prevent use after free

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use getdevice and putdevice in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

PT-2025-54087

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the CIFS implementation, specifically in the cifs oplock break function. A race condition can occur with deferred close operations and lease break...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992252 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer...

PT-2025-54005

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc1-gde5e8fd0123c 11 Description The mptcp protocol could run a worker when the associated socket was in an unexpected state, specifically during a connect operation following an incoming reset and fastclos...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992674 advisory. In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on closerange with CLOSERANGEUNSHARE copyfdbitmapsnew, old, count is expect...

PT-2025-54013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the SCSI target iSCSI implementation. Specifically, commands from recovery entries are freed after the session has been closed, leading to a...

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133 ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_CloseSafe command injection

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

CVE-2025-15133

ZSPACE Z4Pro+ 1.0.0440024 contains a vulnerability in the HTTP POST Request Handler, specifically the zfilev2_api_CloseSafe function in /v2/file/safe/close. The issue allows remote command injection and is facilitated by manipulation of this function. Several sources confirm the exploit is public...

CVE-2025-15133 ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_CloseSafe command injection

A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2apiCloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit...

ZSPACE Z4Pro+ 命令注入漏洞

ZSPACE Z4Pro+ is a private cloud storage device from China Pole Space ZSPACE. A command injection vulnerability exists in ZSPACE Z4Pro+ version 1.0.0440024, which originates from a misbehavior of the function zfilev2apiCloseSafe in the file /v2/file/safe/close, which could lead to command injecti...

Linux Distros Unpatched Vulnerability : CVE-2022-50707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the...

CVE-2023-53990

In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...