CVE-2025-68209 mlx5: Fix default values in create CQ

In the Linux kernel, the following vulnerability has been resolved: mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5addcqtotasklet function by default. This is problematic since only user CQs created through the mlx5ib driver are intended to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly checking the chained notification context, which could lead to ambiguity in notification completion...

PT-2025-51622

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mlx5 driver related to the creation of completion queues CQs. Currently, CQs without a completion function are assigned the mlx5 add cq to tasklet...

Linux Distros Unpatched Vulnerability : CVE-2025-68209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5addcqtotasklet function by default. This is problematic...

CVE-2025-12883 Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2023-53810

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

SUSE CVE-2023-53810

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

EUVD-2025-202314

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

CVE-2025-9613

CVE-2025-9613 concerns PCI Express Integrity and Data Encryption (IDE) tagging after completion timeouts. The issue allows multiple outstanding Non-Posted Requests to share a tag, causing completions to reach the wrong security context and potentially exposing data confidentiality and integrity. ...

CVE-2025-9613 CVE-2025-9613

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

CVE-2023-53810

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

CVE-2023-53810

CVE-2023-53810 is a Linux kernel race condition in the blk-mq/keyslot path. After I/O using a blk_crypto_key completes, keyslot release was delayed until request free, potentially allowing blk_crypto_evict_key() to observe non-zero slot_refs while there is no active bug. The vulnerability manifes...

CVE-2023-53810 blk-mq: release crypto keyslot before reporting I/O complete

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient guidance for label reuse after a completion timeout, which could result in multiple...

PT-2025-50218

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from blk-mq not releasing a cryptographic key slot before I/O completion, which could lead to post-release reuse...

Unity Linux 20.1070e Security Update: emacs (UTSA-2025-991092)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991092 advisory. In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger...

CVE-2023-53760 scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq-cqlock deadlock issue When ufshcderrhandler is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcdhandlemcqcqevents and also in ufsmtkmcqintr. The following...

CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...