CVE-2026-11576

The CVE-2026-11576 entry concerns eclipse-threadx NetX Duo. The issue arises from a refactor of error handling in the HTTP server PUT path, where a unified cleanup path unconditionally calls fx_file_close() even if no file was successfully opened. Multiple error branches jump to the shared cleanu...

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

PT-2026-50864

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx file close even when the file was never successfully opened. Multiple error branches jump to...

EUVD-2026-35145

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the device pages are not migrated back into system memory when the files are closed...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37952)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37952 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in closefiletableids A...

Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-1342)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1342 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the...

Medium: grub2

Issue Overview: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory...

CVE-2023-53990

In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...

CVE-2025-68239

In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: restore write access before closing files opened by openexec bmregisterwrite opens an executable file using openexec, which internally calls doopenexecat and denies write access on the file to avoid modification while...

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/close, which could lead to a command...

CVE-2025-40220

CVE-2025-40220 (Linux kernel) fixes a livelock in synchronous file put paths on fuseblk workers. Analysis in the description shows AIO writers hang waiting for fuse responses and fuse server threads stall due to synchronous RELEASE/put behavior. The patch resolves the hang by ensuring asynchronou...

SUSE-SU-2025:4224-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61661: Fixed out-of-bounds write in grubusbgetstring function bsc1252932 - CVE-2025-61662: Fixed missing unregister call for gettext command may...

SUSE-SU-2025:4152-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free bsc1252933 - CVE-2025-61663: Fixed missing unregister call fo...

Grub2: use-after-free in grub_file_close()

...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

The vulnerability of the `cifs_close_deferred_file()` function in the fs/cifs/misc.c module of the Linux kernel’s file system support module allows a attacker to cause a service failure.

The vulnerability of the cifsclosedeferredfile function in the fs/cifs/misc.c module of the Linux kernel’s file system support module is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

PT-2025-18428

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A hang can occur while freeing a sigtrap event in the Linux kernel's perf subsystem if a related deferred signal hadn't been sent before the file got closed. This issue arises due to a...

PT-2024-40571 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: chunk free object, file close file, and sclose. No...