CVE-2025-34186 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...

nfsd: don't ignore the return code of svc_proc_register()

...

Libssh: incorrect return code handling in ssh_kdf() in libssh

...

CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVE-2025-38142

In the Linux kernel, the following vulnerability has been resolved: hwmon: asus-ec-sensors check sensor index in readstring Prevent a potential invalid memory access when the requested sensor is not found. findecsensorindex may return a negative value e.g. -ENOENT, but its result was used without...

CVE-2025-38142

The CVE-2025-38142 issue affects the Linux kernel hwmon path (asus-ec-sensors) where read_string() could read a non-existent sensor because find_ec_sensor_index() returned a negative value (for example -ENOENT) and was used without validation. The fix introduces a check to ensure sensor_index is ...

CVE-2025-38142 hwmon: (asus-ec-sensors) check sensor index in read_string()

In the Linux kernel, the following vulnerability has been resolved: hwmon: asus-ec-sensors check sensor index in readstring Prevent a potential invalid memory access when the requested sensor is not found. findecsensorindex may return a negative value e.g. -ENOENT, but its result was used without...

CVE-2025-37930

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARNON in nouveaufencecontextkill Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveaufencesignal. However, in at least one other place, nouveaufencedone, can...

CVE-2025-37837 iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmamfreecoherent Two WARNINGs are observed when SMMU driver rolls back upon failure: arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed...

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling...

CVE-2024-49841

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling...

CVE-2024-49841

CVE-2024-49841 describes memory corruption during memory assignment to a headless peripheral VM stemming from incorrect error code handling in Qualcomm components (closed-source). The CVE is tracked in multiple feeds (NVD, Red Hat), with a CVSS v3.1 base score of 7.8 (HIGH), local attack vector, ...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which originates from memory corruption due to the passing of too large an unsigned value for DisplayId when handling escaped code...

DEBIAN-CVE-2025-22096

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fix error code msmparsedeps The SUBMITERROR macro turns the error code negative. This extra '-' operation turns it back to positive EINVAL again. The error code is passed to ERRPTR and since positive values are not a...

CVE-2025-22096

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fix error code msmparsedeps The SUBMITERROR macro turns the error code negative. This extra '-' operation turns it back to positive EINVAL again. The error code is passed to ERRPTR and since positive values are not a...

CVE-2025-22026

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

UBUNTU-CVE-2025-22026

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

CVE-2025-22026

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister Currently, nfsdprocstatinit ignores the return value of svcprocregister. If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix...

CVE-2023-52929

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after devsetname If devsetname fails, we leak nvmem-wpgpio as the cleanup does not put this. While a minimal fix for this would be to add the gpiodput call, we can do better if we split deviceregister, an...

CLSA-2025-1742472067 Fix CVE(s): CVE-2025-26465

SECURITY UPDATE: it's possible machine-in-the-middle attack vulnerability caused by a malicious machine impersonating a legitimate server - debian/patches/CVE-2025-26465.patch: Correct error code handling - CVE-2025-26465...