Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: avs: Disabling period-elapsed work when closing PCM The avsdaifeshutdown function handles the shutdown procedure for the HOST HAudio stream. Period-elapsed work processes its IRQs. Since the former frees the DAI’s...

EUVD-2025-201858

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

CVE-2025-40344

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

CVE-2025-40344

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

CVE-2025-40344

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

CVE-2025-40344

CVE-2025-40344 is a Linux kernel vulnerability in the Intel ASoC (avs) driver. The issue arises from improper synchronization between the PCM shutdown path and the period-elapsed IRQ work, enabling a slab-use-after-free scenario when the DAI private context is freed during shutdown. The connected...

CVE-2025-40344 ASoC: Intel: avs: Disable periods-elapsed work when closing PCM

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not disabling the periods-elapsed job when turning off PCM...

CVE-2025-38689

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512status Problem ------- With CONFIGX86DEBUGFPU enabled, reading /proc/kthread/archstatus causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...

PT-2025-35962

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where reading /proc/kthread/arch status can cause a NULL pointer dereference when CONFIG X86 DEBUG FPU is enabled. This occurs because the AVX-512...

CVE-2025-37805 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...

PT-2025-49797

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s ASoC Advanced Linux Sound Architecture Intel avs Audio Video Stream component. Specifically, the avs dai fe shutdown function, responsible for shuttin...

UBUNTU-CVE-2024-42274

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

Malicious code in a14z6ch-elapsed-days (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

CVE-2023-44400 Uptime Kuma has Persistentent User Sessions

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...

_computeRewardFraction logic looks susceptible to manipulation around the edges.

Lines of code Vulnerability details Impact if auctionElapsedTime is 0, it returns the full reward fraction Proof of Concept The RewardLib.fractionalReward calculates the reward fraction linearly based on the elapsed time. When auctionElapsedTime is 0, fractionalReward will return 1 full rewards...

function rngComplete is unpprotected

Lines of code Vulnerability details Impact The rngComplete is a function Called by the relayer to complete the Rng relay auction. However it has zero access control. Proof of Concept The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done wi...

Sophos UTM WebAdmin SID Command Injection Exploit

This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...

Updated jetty packages fix security vulnerability

Jetty is prone to a timing channel attack in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords CVE-2017-9735...