51 matches found
Malicious code in @oku-ui/presence (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ccfe3cd227dfd52c2a7bb6d2c15fc511a5d1baab2eb3378960905005e421b9a The package @oku-ui/presence was found to contain malicious code. Source: google-open-source-security...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21712)
md/md-bitmap: vulnerability caused by bitmap_get_stats can be called even if the bitmap is destroyed or not fully initialized, leading to a kernel crash, which is fixed by synchronizing bitmap_get_stats with bitmap_info.mutex. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Race Condition (CVE-2025-21701)
net: vulnerability arises because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, leading to potential use of destroyed locks, which is fixed by denying operations on devices being unregistered. This plugin only works with Tenable.ot. Please visit...
CVE-2025-40191
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfd_lookup_process_by_pid ...
UBUNTU-CVE-2025-40191
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfd_lookup_process_by_pid ...
CVE-2025-40191
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfd_lookup_process_by_pid ...
CVE-2023-53625 drm/i915/gvt: fix vgpu debugfs clean in remove
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix vgpu debugfs clean in remove Check carefully on root debugfs available when destroying vgpu, e.g in remove case drm minor's debugfs root might already be destroyed, which led to kernel oops like below. Console:...
PT-2025-41069
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc2+ 6 Description A flaw exists in the Linux kernel's i915/gvt component related to the handling of debugfs cleanup during vgpu removal. Specifically, the code does not carefully check for the availability...
UBUNTU-CVE-2022-49974
In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroye...
Linux kernel resource management error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from net_tx_action potentially using a destroyed qdisc...
SUSE CVE-2025-21858
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev. syzkaller reported a use-after-free in geneve_find_dev [0] without repro. geneve_configure links struct geneve_dev.next to net_generic(net, geneve_net_id)->geneve_list. The net here could differ fr...
CVE-2025-21675 net/mlx5: Clear port select structure when fail to create
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers always try to destroy all lag...
kernel: stmmac: Clear variable when destroying workqueue
A vulnerability was found in the stmmac ethernet driver of the Linux kernel, where a workqueue variable was not cleared after being destroyed. This issue could lead to kernel panics if the code later attempted to access or destroy the already-freed workqueue...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from the use of a destroyed mutex lock by the logout function of the LED class in the leds:an30259a module...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which originates in the leds:mlxreg module during driver removal, where the logout function of the LED class calls the...
CVE-2024-32974
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading being called on the stream. As after StopReadin...
SUSE CVE-2021-47519
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch In m_can_read_fifo, if the second call to m_can_fifo_read fails, the function jumps to the out_fail label and returns without calling m_can_receive_skb. This means that the skb...
CVE-2021-47060
In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev fails to allocate memory for the new instance of the bus. If it can't instantiate a new bus,...
CVE-2021-47056 crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is only used and checked by adf_vf2pf_shutdown before calling adf_iov_putmsg->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init,...
CVE-2021-46936 net: fix use-after-free in tw_timer_handler
In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in tw_timer_handler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0...