517 matches found
CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...
CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a warning message triggered by the qla2xxx driver when adisc is flashed, which may result in a mismatch of...
CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-26465 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-26465 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-21672
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...
CVE-2025-21672
CVE-2025-21672 concerns the Linux kernel, specifically the afs module, where a fix guards against a lock being left held when returning to userspace. The root cause is described as a scenario where if argc is less than 0 and a function returns directly, an inode mutex lock is not released. The pa...
CVE-2025-21656
In the Linux kernel, the following vulnerability has been resolved: hwmon: drivetemp Fix driver producing garbage data when SCSI errors occur scsiexecutecmd function can return both negative linux codes and positive scsicmnd result field error codes. Currently the driver just passes error codes o...
CVE-2025-21656 hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
In the Linux kernel, the following vulnerability has been resolved: hwmon: drivetemp Fix driver producing garbage data when SCSI errors occur scsiexecutecmd function can return both negative linux codes and positive scsicmnd result field error codes. Currently the driver just passes error codes o...
CVE-2025-21656 hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
In the Linux kernel, the following vulnerability has been resolved: hwmon: drivetemp Fix driver producing garbage data when SCSI errors occur scsiexecutecmd function can return both negative linux codes and positive scsicmnd result field error codes. Currently the driver just passes error codes o...
CVE-2025-23214
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database. Patched in 0.17.7...
CVE-2025-23214
Summary: Cosmos-Server before version 0.17.7 exposes a user-enumeration vulnerability during login, allowing an attacker to determine if a username exists in the database due to error code behavior. This has been addressed in version 0.17.7. Affected software: Cosmos-Server (pre-0.17.7). Root cau...
CVE-2024-56787
In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driverasyncprobe= on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls ofclkgetbyname which returns...
CVE-2024-56787
CVE-2024-56787 documents a Linux kernel issue where imx8m SoC code probed as a driver caused -EPROBE_DEFER when clock driver wasn’t probed yet. The fix converts the SoC code to a platform driver and instantiates it in current device_initcall, propagating -EPROBE_DEFER through the .probe retry mec...
CVE-2024-56596
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfsreaddir The stbl might contain some invalid values. Added a check to return error code in that case...
CVE-2024-56598
In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case...
CVE-2024-56596
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfsreaddir The stbl might contain some invalid values. Added a check to return error code in that case...