8 matches found
GHSA-CHGR-C6PX-7XPP PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures
PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of serialization in the VFIODEVICESETIRQS operation within the vfio/cdx driver. This...
EUVD-2026-30020
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper use of the tcon field in the cifs driver’s locking mechanism. This vulnerability may lead to...
CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
CVE-2026-24040
The CVE-2026-24040 issue affects jspdf in versions prior to 4.1.0, where the addJS method uses a module-scoped shared variable to store JavaScript content. In concurrent environments (notably Node.js servers), this shared state can be overwritten by simultaneous requests, causing cross-user data ...
UBUNTU-CVE-2025-22060
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached shadow SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an...
kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly
A vulnerability was discovered in the Linux kernel's hns3 network driver. The hns3nicnetopen function is designed to be called only once per device instance. However, due to insufficient checks, multiple calls to this function are possible. This can lead to scenarios where hns3nicnetopen is invok...