CVE-2025-40208 media: iris: fix module removal if firmware download failed

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

CVE-2025-40132 ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

MGASA-2025-0264 Updated gstreamer1.0-plugins-bad packages fix security vulnerability

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2025-3887...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21075

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21075

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVE-2025-21074

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990018 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988960)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988960 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989317)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989317 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645jackdetectwork There is a path in rt5645jackdetectwork, where...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988765 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: Add missing ofnodeput in wcd934xcodecparsedata The devicenode pointer is...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fixed the double-free of regulator supplies. The driver obtains regulator supplies through the devmregulatorbulkget function; therefore, regulatorbulkfree should not be called in error handling scenarios...

SUSE CVE-2025-40045

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHLCOMP and HPHRCOMP as zero, this can potentially result in a memory corruption due to accessing and setting ...

CVE-2025-40045 ASoC: codecs: wcd937x: set the comp soundwire port correctly

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHLCOMP and HPHRCOMP as zero, this can potentially result in a memory corruption due to accessing and setting ...

CVE-2025-40045 ASoC: codecs: wcd937x: set the comp soundwire port correctly

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHLCOMP and HPHRCOMP as zero, this can potentially result in a memory corruption due to accessing and setting ...

CVE-2025-40045

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHLCOMP and HPHRCOMP as zero, this can potentially result in a memory corruption due to accessing and setting ...

Fedora: Security Advisory (FEDORA-2025-b17c2ce3ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...