Azure Linux 3.0 Security Update: kernel (CVE-2025-37952)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37952 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in closefiletableids A...

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-1342)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1342 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the...

Medium: grub2

Issue Overview: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory...

CVE-2023-53990

In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...

CVE-2025-68239

In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: restore write access before closing files opened by openexec bmregisterwrite opens an executable file using openexec, which internally calls doopenexecat and denies write access on the file to avoid modification while...

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/close, which could lead to a command...

CVE-2025-40220

CVE-2025-40220 (Linux kernel) fixes a livelock in synchronous file put paths on fuseblk workers. Analysis in the description shows AIO writers hang waiting for fuse responses and fuse server threads stall due to synchronous RELEASE/put behavior. The patch resolves the hang by ensuring asynchronou...

SUSE-SU-2025:4224-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61661: Fixed out-of-bounds write in grubusbgetstring function bsc1252932 - CVE-2025-61662: Fixed missing unregister call for gettext command may...

SUSE-SU-2025:4152-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free bsc1252933 - CVE-2025-61663: Fixed missing unregister call fo...

Grub2: use-after-free in grub_file_close()

...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

PT-2024-40571 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: chunk free object, file close file, and sclose. No...

PT-2024-40563 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as chunk free object, file close file, and sclose. Recommendations: At the moment, there is no...

DEBIAN-CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

UBUNTU-CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, handshakereqdestroytest1 started failing: Expected handshakereqdestroytest == req, but handshakereqdestroytest == 0000000000000000 req == 0000000060f99b40 not ok 11 reqdestroy...

UBUNTU-CVE-2019-13351

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 as distributed with alsa-plugins 1.1.7 and later has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which...

Denial of Service Vulnerability in Configuration King 7.5sp2

KingView is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A denial of service vulnerability exists in KingView 7.5sp2. The vulnerability stems from the use of wcslen to read the length of a string when closing a file and failing to...