MAL-2025-1108 Malicious code in deferred-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38dc68c75cb202e1290f22eb1e64cef5c216402392a2e18f51514c56b50134de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

mm/thp: fix deferred split unqueue naming and locking

...

CVE-2025-23022

FreeType 2.8.1 has a signed integer overflow in cf2doFlex in cff/cf2intrp.c...

UBUNTU-CVE-2024-56787

In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driverasyncprobe= on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls ofclkgetbyname which returns...

PT-2025-52661

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw in the scheduler related to deferred interrupt handling in PREEMPT RT kernels. Specifically, a potential deadlock situation can occur within the deferred...

CVE-2024-56717 net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

DEBIAN-CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSI domain will be missing, which causes a NULL pointer dereference in msicreatedeviceirqdomain. Avoi...

SUSE CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

PT-2024-36991 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the irqchip/riscv-aplic component. The issue occurs when the APLIC driver is probed before the IMSIC driver,...

DEBIAN-CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

UBUNTU-CVE-2024-56554

In the Linux kernel, the following vulnerability has been resolved: binder: fix freeze UAF in binderreleasework When a binder reference is cleaned up, any freeze work queued in the associated process should also be removed. Otherwise, the reference is freed while its ref-freeze.work is still queu...

UBUNTU-CVE-2024-56568

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when ofdmaconfigure for client is called after the iommudeviceregiste...

UBUNTU-CVE-2024-56553

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

CVE-2024-56568 iommu/arm-smmu: Defer probe of clients after smmu device bound

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when ofdmaconfigure for client is called after the iommudeviceregiste...

CVE-2024-56555 binder: fix OOB in binder_add_freeze_work()

In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binderaddfreezework In binderaddfreezework we iterate over the proc-nodes with the proc-innerlock held. However, this lock is temporarily dropped to acquire the node-lock first lock nesting order. This can race...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...

PT-2025-13206 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding shadow buffering for deferred I/O in the drm/fbdev-dma module. This change addresses driver errors related to kernel NUL...

CVE-2024-53079

In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing listdel corruptions, "Bad page state"s and worse I kee...

Unspecified vulnerability in Linux kernel (CNVD-2024-46418)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from reinitializing a deferred reference list. No details of the vulnerability are provided at this time...