198 matches found

RedhatCVE
added 2025/05/22 9:21 p.m., 3 views

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVSS 8.8 | AI score 6.8 | EPSS 0.00012
Exploits: 0

RedhatCVE
added 2025/05/22 6:46 p.m., 6 views

CVE-2021-41213

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 | AI score 6.7 | EPSS 0.00043
Exploits: 0

RedhatCVE
added 2025/05/22 6:30 p.m., 4 views

CVE-2021-29577

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

CVSS 7.8 | AI score 6.9 | EPSS 0.00012
Exploits: 1 | References: 1

CVE
added 2025/05/20 4:1 p.m., 90 views

CVE-2025-37946

CVE-2025-37946 concerns the Linux kernel, specifically the s390 PCI subsystem. The issue arises from a duplicate pci_dev_put() in disable_slot() when a PF has child VFs, introduced during a change that added a lock to zpci_dev state. The extra pci_dev_put() can lead to a use-after-free if the pci...

CVSS 7.8 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2025/05/09 6:45 a.m., 9 views

CVE-2025-37879

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written negative 3...

CVSS 7.1 | AI score 5.7 | EPSS 0.00055
Exploits: 0

Cvelist
added 2025/05/08 6:26 a.m., 10 views

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). This is similar to the fix in commit 74736103fb41 "scsi: ufs: core: Fix ufshcd_abort_one racing...

EPSS 0.00049
Exploits: 0 | References: 3

Cvelist
added 2025/05/08 6:26 a.m., 11 views

CVE-2025-37817 mcb: fix a double free bug in chameleon_parse_gdd()

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Jus...

EPSS 0.00067
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/06 4:15 a.m., 8 views

CVE-2025-46728

A flaw was found in cpp-httplib. This vulnerability allows for denial of service via oversized HTTP requests when using chunked transfer encoding or missing Content-Length headers, leading to uncontrolled memory allocation and potential server crash. Mitigation Short-term workaround through a...

CVSS 7.5 | AI score 7.3 | EPSS 0.01011
Exploits: 1 | References: 5

Microsoft CVE
added 2025/05/05 7:0 a.m., 2 views

drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()

...

CVSS 5.5 | AI score 7.3 | EPSS 0.00041
Exploits: 0

NVD
added 2025/05/01 2:15 p.m., 4 views

CVE-2025-37760

In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it...

CVSS 5.5 | EPSS 0.00049
Exploits: 0 | References: 3

NVD
added 2025/04/18 7:15 a.m., 8 views

CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list xattr size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump()...

CVSS 7.1 | EPSS 0.00023
Exploits: 0 | References: 11

OSV
added 2025/04/17 7:38 a.m., 1 views

CLSA-2025-1744875533 php: Fix of CVE-2025-1736

CVE-2025-1736: add checking of http user header crlf...

CVSS 7.3 | AI score 5.8 | EPSS 0.00546
Exploits: 0 | References: 1

CVE
added 2025/04/16 2:12 p.m., 76 views

CVE-2025-22096

CVE-2025-22096 is a Linux kernel vulnerability resolved in the drm/msm/gem path. The root cause was in error handling: the SUBMIT_ERROR() macro made an error code negative, and an extra “-” turned it back to a positive EINVAL. The positive value was passed to ERR_PTR(), which is not an IS_ERR(), ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0017
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2025/04/03 7:19 a.m., 4 views

CVE-2025-22007

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference...

CVSS 5.5 | AI score 5.7 | EPSS 0.00022
Exploits: 0

CVE
added 2025/04/01 3:40 p.m., 152 views

CVE-2025-21922

CVE-2025-21922 concerns a Linux kernel PPP driver issue where a 2-byte header used by socket filter/BPF is not fully initialized, triggering a KMSAN “uninit-value” warning. The root cause, as described, is that only the first byte of the direction indicator is initialized while the second byte re...

CVSS 5.5 | AI score 7.2 | EPSS 0.00016
Exploits: 0 | References: 10 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:30 a.m., 47 views

Security Bulletin: IBM Security Verify Governance stores user credentials in plain clear text which can be read by a local user (CVE-2022-22470)

Summary IBM Security Verify Governance is vulnerable to exposure of user credentials to local users due to storage of credentials in cleartext CVE-2022-22470. This vulnerability has been removed by a code fix. Vulnerability Details CVEID:CVE-2022-22470 DESCRIPTION: IBM Security Verify Governance...

CVSS 5.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/03/05 12:32 a.m., 6 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVSS 5.5 | AI score 6.6 | EPSS 0.00011
Exploits: 0 | References: 2

OSV
added 2025/02/27 2:18 a.m., 3 views

CVE-2025-21789 LoongArch: csum: Fix OoB access in IP checksum code for negative lengths

In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 "LoongArch: Add checksum optimization for 64-bit system" would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84...

CVSS 7.1 | AI score 6.5 | EPSS 0.00052
Exploits: 0 | References: 7

OSV
added 2025/02/26 2:13 a.m., 7 views

CVE-2022-49518 ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload It is possible to craft a topology where sof_get_control_data() would do out of bounds access because it expects that it is only called when the payload is bytes...

CVSS 7.1 | AI score 5.4 | EPSS 0.00124
Exploits: 0 | References: 5

Debian CVE
added 2025/02/26 2:12 a.m., 8 views

CVE-2022-49416

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in...

CVSS 7.8 | AI score 5.6 | EPSS 0.0002
Exploits: 0