34 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses the same device for both CPU and Platform. In such cases, the CPU component driver may not have the required driver-name fiel...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email notification template system. An attacker can inject arbitrary HTML content by supplying crafted values in device, geofence, or driver name fields, which are then rendered in notification emails se...
CVE-2026-27694
Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989359 advisory. In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the...
EUVD-2025-31859
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
SUSE CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
UBUNTU-CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
CVE-2025-39892 ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked()
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
CVE-2025-39892 ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked()
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
CVE-2025-39892
CVE-2025-39892 affects the Linux kernel ASoC subsystem. The vulnerability arises in soc-core where a NULL driver name could be dereferenced by snd_soc_lookup_component_nolocked() when soc-generic-dmaengine-pcm.c uses the same device for CPU and Platform, leading to a NULL pointer access in compon...
CVE-2025-39892 ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked()
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
UBUNTU-CVE-2025-39755
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmciadriver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp called from pcmciaregisterdriver. Initialize the...
CVE-2024-46823
A flaw was found in the Linux kernel before initialization in subsystem tests. The 'devicename' array doesn't exist out of the 'overflowallocationtest' function scope, however, it is being used as a driver name when calling 'kunitdrivercreate' from 'kunitdeviceregister', which can produce a kerne...
CVE-2024-46823
CVE-2024-46823 is a Linux kernel issue resolved by removing a locally scoped device_name array used as a driver name in kunit_device_register, which caused a KASAN-enabled kernel panic. The fix passes the device name directly into kunit_device_register as an ASCII string, addressing an out-of-sco...
CVE-2024-46823 kunit/overflow: Fix UB in overflow_allocation_test
In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflowallocationtest The 'devicename' array doesn't exist out of the 'overflowallocationtest' function scope. However, it is being used as a driver name when calling 'kunitdrivercreate' from...
kernel: driver core: auxiliary bus: Fix memory leak when driver_register() fail
In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driverregister fail If driverregister returns with error we need to free the memory allocated for auxdrv-driver.name before returning from auxiliarydriverregister...
kernel: platform/x86: wmi: Fix opening of char device
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 "drivers: misc: pass miscdevice pointer via file private data", the miscdevice stores a pointer to itself inside filp-privatedata, which means that privateda...