CVE-2025-55158 Vim double-free vulnerability during Vim9 script import operations

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value typvalT management. Specifically, the cleartv...

PT-2025-36274

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified and resolved in the nvif vmm ctor function within the drm/nouveau/nvif module of the Linux kernel. The issue occurred when the nvif vmm type was invalid,...

Linux Distros Unpatched Vulnerability : CVE-2024-27073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: ttpci: fix two memleaks in budgetavattach When saa7146registerdevice and saa7146vvinit fails, budgetavattach should free the resources it allocates, like...

Linux Distros Unpatched Vulnerability : CVE-2025-38313

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the...

The vulnerability of the Advanced Notification Service (ANS) management service in the HarmonyOS operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Advanced Notification Service ANS management service in the HarmonyOS operating system is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protecte...

Linux Distros Unpatched Vulnerability : CVE-2024-42138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mlxsw: corelinecards: Fix double memory deallocation in case of invalid INI file In case of...

The vulnerability of the native code library for analyzing and linearizing PGF grammars lies in its memory management after deallocation. This allows attackers to gain elevated privileges within the system.

The vulnerability of the native code library for analyzing and linearizing PGF grammars is related to the use of memory after deallocation in Decoder.cpp. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

The vulnerability of the Windows Notification Service (WNS), a notification service for Windows operating systems, allows a perpetrator to escalate their privileges.

The vulnerability of the Windows Notification Service WNS on Windows operating systems relates to the possibility of memory exploitation after deallocation. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Animation component in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Animation component in Google Chrome browser relates to the use of memory after deallocation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the gf_filter_pid_inst_swap_delete_task function in the MP4Box multimedia platform GPAC allows a intruder to cause a service failure.

The vulnerability of the gffilterpidinstswapdeletetask function in the MP4Box multimedia platform GPAC utility is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the Microsoft Office suite relates to the possibility of exploiting memory after deallocation, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Office suite is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

SUSE CVE-2025-38313

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mcdev variable. In case the MC device is a DPRC, a new mcbus is allocat...

DEBIAN-CVE-2025-38313

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mcdev variable. In case the MC device is a DPRC, a new mcbus is allocat...

CVE-2025-38313 bus: fsl-mc: fix double-free on mc_dev

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mcdev variable. In case the MC device is a DPRC, a new mcbus is allocat...

CVE-2025-38258

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damonsysfsschemefilter-memcgpath on write memcgpathstore assigns a newly allocated memory buffer to filter-memcgpath, without deallocating the previously allocated and assigned memory buffer. As a...

UBUNTU-CVE-2025-38258

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: free old damonsysfsschemefilter-memcgpath on write memcgpathstore assigns a newly allocated memory buffer to filter-memcgpath, without deallocating the previously allocated and assigned memory buffer. As a...

kernel security update

5.14.0-570.24.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...

CVE-2022-50146

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

The vulnerability of the refresh_cache_worker() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the refreshcacheworker function in the Linux operating system’s kernel is related to errors that occur after deallocation. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Compositing component in the Google Chrome browser allows attackers to execute arbitrary code or trigger a service denial.

The vulnerability of the Compositing component in the Google Chrome browser is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure...