Linux Distros Unpatched Vulnerability : CVE-2022-48985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi workdone After calling napicompletedone, the...

Linux Distros Unpatched Vulnerability : CVE-2024-39480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed...

SUSE CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

DEBIAN-CVE-2025-38488

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cryptmessage when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from cryptmessage, assuming all crypto operations are synchronous. However, when hardware crypto...

CVE-2025-38492

In CVE-2025-38492, the Linux kernel netfs subsystem exposes a race between cache write completion and NETFS_RREQ_ALL_QUEUED being set. When netfslib spawns subrequests (e.g., copy2cache used by Ceph) that finish asynchronously, the collector can be blocked if ALL_QUEUED is set after subrequests a...

CVE-2025-38492 netfs: Fix race between cache write completion and ALL_QUEUED being set

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

No title provided

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handletxevent for Transfer events without TRB Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handletxevent should no...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the netfs module double-releasing references on request completion, which could lead to memory corruption...

emacs: arbitrary code execution via Lisp macro expansion

A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck...

PT-2025-44093

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-rc5-c1610d2d66b1-next-vm Description The Linux kernel contains an issue within the KVM component related to handling L1 intercepts during userspace I/O completion. Specifically, the kernel may recheck L1...

SUSE CVE-2025-38287

In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cmid has advanced to another message. The cmid lock is not needed in this case, but a recent change re-used cmfreeprivmsg, which...

CVE-2025-38314

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the resultsgsize field of the...

CVE-2025-38287

In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cmid has advanced to another message. The cmid lock is not needed in this case, but a recent change re-used cmfreeprivmsg, which...

CVE-2025-38314 virtio-pci: Fix result size returned for the admin command completion

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the resultsgsize field of the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect size of the completion result of the management command in virtio-pci, which could lead to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an FDMI timeout in fnicwqcmplhandler that causes a crash...

PT-2025-27769 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0 Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...

The vulnerability of the mana_ib_install_cq_cb() function in the drivers/infiniband/hw/mana/cq.c file of the Linux operating system allows a hacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the manaibinstallcqcb function in the drivers/infiniband/hw/mana/cq.c file of the Linux operating system is related to the execution of operations outside of memory buffers. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and...

emacs: arbitrary code execution via Lisp macro expansion

A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck...