CVE-2023-21200

In onremoveisodatapath of btmisoimpl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...

D-Link DI-7003GV2 安全漏洞

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates in the file /H5/versionupdate.data function sub48F4F0, which is not sufficiently protected against sensitive information and can be exploited b...

kernel: vdpa/mlx5: Fix invalid mr resource destroy

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5vdpadevadd can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5vdpadestroymrresources ...

PT-2025-27713

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, related to the ice driver's Tx scheduler error handling in the XDP callback. When the XDP program is loaded, it adds new Tx...

UBUNTU-CVE-2025-37820

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdpconvertbufftoframe The function xdpconvertbufftoframe may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or inval...

CVE-2023-53107

A use-after-free vulnerability has been identified within the vethconvertskbtoxdpbuff function of the Linux kernel's veth driver. The flaw stems from improper memory management during packet headroom expansion for XDP eXpress Data Path. Specifically, when the pskbexpandhead function allocates new...

CLSA-2025-1746183800 liblouis: Fix of CVE-2023-26767

CVE-2023-26767: fix buffer overflow in lousetDataPath function...

CVE-2022-49924 nfc: fdp: Fix potential memory leak in fdp_nci_send()

In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdpncisend fdpncisend will call fdpncii2cwrite that will not free skb in the function. As a result, when fdpncii2cwrite finished, the skb will memleak. fdpncisend should free skb after...

UBUNTU-CVE-2024-58099

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...

PT-2025-18943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns the vmxnet3 driver's XDP handling, which is buggy for packet sizes between 128 and 3k bytes. This bug can cause MTU-related connectivity issues, and in some cases, it...

SUSE CVE-2025-22106

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info in the vmxnet3resetwork code path as vmxnet3rqdestroy is not invoked in this code path. So, we get below message with a backtrace. Missin...

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDPPASS, packet is converted from xdpbuff to skbuff with xdpupdateskbsharedinfo in bnxtxdpbuildskb. bnxtxdpbuildskb passes incorrect truesize argument ...

SUSE CVE-2023-52977

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix flow memory leak in ovsflowcmdnew Syzkaller reports a memory leak of newflow in ovsflowcmdnew as it is not freed when an allocation of a key fails. BUG: memory leak unreferenced object 0xffff888116668000 siz...

USN-7383-2 linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; -...

OESA-2025-1283 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: sfc: add missing xdp queue reinitialization After rx/tx ring buffer size is changed, kernel panic occurs when it acts XDPTX or XDPREDIRECT. When tx/rx ring...

usbnet: ipheth: fix DPE OoB read

...

SUSE CVE-2025-21788

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDPPASS then we leak the memory allocated by am65cpswbuildskb. It is pointless to allocate SKB memory before running the XDP...

DEBIAN-CVE-2025-21788

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases If the XDP program doesn't result in XDPPASS then we leak the memory allocated by am65cpswbuildskb. It is pointless to allocate SKB memory before running the XDP...

UBUNTU-CVE-2025-21741

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header...