Lucene search
K

481 matches found

Ubuntu
Ubuntu
added 2025/10/01 2:52 p.m.4 views

USN-7790-1: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AMD CDX bus driver; - DP...

8.1CVSS7AI score0.00352EPSS
Exploits0
NVD
NVD
added 2025/10/01 12:15 p.m.11 views

CVE-2023-53487

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update yields a BUG: kern...

7.8CVSS0.00153EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/01 11:42 a.m.8 views

CVE-2022-50433 efi: ssdt: Don't free memory if ACPI table was loaded successfully

In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc "efi: avoid efivars layer when loading SSDTs from variables". The problem appears t...

0.00143EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 4:15 p.m.3 views

UBUNTU-CVE-2025-39854

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx-inuse in icelltsintr Recent versions of the E810 firmware have support for an extra interrupt to handle report of the "low latency" Tx timestamps coming from the specialized low latency firmware...

7.8CVSS6.5AI score0.00141EPSS
Exploits0References16
OSV
OSV
added 2025/09/19 3:26 p.m.8 views

CVE-2025-39855 ice: fix NULL access of tx->in_use in ice_ptp_ts_irq

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx-inuse in iceptptsirq The E810 device has support for a "low latency" firmware interface to access and read the Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the...

7.8CVSS5.9AI score0.00151EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/17 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-39836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setupmmhdr is later on passed to teeshmregisterkernelbuf. The latter...

7.8CVSS6.8AI score0.00142EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/09/16 11:23 p.m.6 views

SUSE CVE-2025-39836

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setupmmhdr is later on passed to teeshmregisterkernelbuf. The latter expects those buffers to be contiguous pages, but setupmmhdr just uses...

5.5CVSS6.7AI score0.00142EPSS
Exploits0References12
NVD
NVD
added 2025/09/16 2:15 p.m.7 views

CVE-2025-39836

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setupmmhdr is later on passed to teeshmregisterkernelbuf. The latter expects those buffers to be contiguous pages, but setupmmhdr just uses...

7.8CVSS0.00142EPSS
Exploits0References3
CVE
CVE
added 2025/09/16 1:8 p.m.31 views

CVE-2025-39836

CVE-2025-39836 is a Linux kernel issue described as resolved: the EFI stmm path allocated a communication buffer with kmalloc(), while the consumer expects contiguous pages, risking corruptions/BUGs. The fix switches from kmalloc() to alloc_pages_exact() in setup_mm_hdr() so buffers passed to tee...

7.8CVSS6.3AI score0.00142EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/15 3:15 p.m.4 views

DEBIAN-CVE-2023-53216

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1,...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/15 2:21 p.m.6 views

CVE-2023-53216 arm64: efi: Make efi_rt_lock a raw_spinlock

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efirtlock a rawspinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:46 inatomic: 1,...

0.00153EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2025/09/15 11:22 a.m.27 views

⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More

In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from suppl...

10CVSS9AI score0.96742EPSS
Exploits15
Microsoft CVE
Microsoft CVE
added 2025/09/04 2:46 a.m.2 views

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

...

6.7CVSS7AI score0.00386EPSS
Exploits1
Securelist
Securelist
added 2025/08/27 10:0 a.m.13 views

Exploits and vulnerabilities in Q2 2025

Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverag...

10CVSS8.9AI score0.99959EPSS
Exploits400
NVD
NVD
added 2025/08/26 3:15 p.m.12 views

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

6.8CVSS0.00326EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34782 · Kapsch Trafficcom · Ris-9160 +1

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 Description: The Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs contain an unauthenticated EFI shell. This allows...

9.8CVSS7.6AI score0.00326EPSS
Exploits1References9
CVE
CVE
added 2025/08/26 12:0 a.m.20 views

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 contain an unauthenticated EFI shell that can be leveraged to execute arbitrary code or escalate privileges during boot. Root cause is an EFI shell exposure in the RSU firmware; aff...

6.8CVSS8.7AI score0.00326EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/08/26 12:0 a.m.11 views

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...

0.00326EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-37981

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the communication buffer allocated by setup mm hdr was not contiguous, despite being expected to be by tee shm register kernel buf. This could le...

7.8CVSS7.2AI score0.00142EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/08/25 6:22 a.m.10 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

8.7CVSS9AI score0.03133EPSS
Exploits11References1018
Rows per page
Query Builder