CVE-2025-38424

CVE-2025-38424 is a Linux kernel fix. The issue arose when perf sampling could access user-space state while the kernel was tearing down a process, risking a crash on ARM64 during do_exit(). The patch changes the teardown order to stop perf earlier in do_exit() and hardens PERF_SAMPLE_CALLCHAIN a...

AZL-65678 CVE-2025-38404 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of crostypecaltmodedata::mutex. The call chain is as follows: 1. crostypecaltmodework acquires the mutex 2. typecaltmodevd...

UBUNTU-CVE-2025-38404

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of crostypecaltmodedata::mutex. The call chain is as follows: 1. crostypecaltmodework acquires the mutex 2. typecaltmodevd...

SUSE CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

DEBIAN-CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

UBUNTU-CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

CVE-2025-38352 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

CVE-2025-38352 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

PT-2025-37203

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to rcu read unlock. Specifically, a potential deadlock can occur during rcu read unlock special when invoked within the irq exit path, trigger...

KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception

...

PT-2025-28958 · Builder.Io · @Builder.Io/Qwik-City

Name of the Vulnerable Software and Affected Versions: @builder.io/qwik-city versions prior to 1.13.0 Description: The @builder.io/qwik-city meta-framework for Qwik is susceptible to an issue where improper handling of invalid qfunc during the execution of a Qwik Server Action QRL can lead to a...

kernel: md: fix mddev uaf while iterating all_mddevs list

A flaw was discovered in the Linux kernel’s MD multiple device subsystem during iteration over the allmddevs list in functions such as mdnotifyreboot and mdexit. The code used listforeachentrysafe, but released locks before completing reference counting, allowing concurrent deletion and freeing o...

kernel: md: fix mddev uaf while iterating all_mddevs list

A flaw was discovered in the Linux kernel’s MD multiple device subsystem during iteration over the allmddevs list in functions such as mdnotifyreboot and mdexit. The code used listforeachentrysafe, but released locks before completing reference counting, allowing concurrent deletion and freeing o...

PT-2025-49021

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of ipcomp fallback tunnels and xfrm states. Specifically, the issue arises when deleting xfrm states, where the fallback state...

CVE-2025-53170

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability...

CVE-2025-53170

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability...

CVE-2025-53170

Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS version 5.1.0, which stems from a null pointer dereference in the Application Exit Reason module, and can...

PT-2025-33780

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the RDMA/hns subsystem where rsv qp may be double destroyed during an error condition. This occurs first in free mr init and then in hns roce exit...