EUVD-2026-38728

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

Wavlink WL-WN579X3-C 安全漏洞

Wavlink WL-WN579X3-C is a wireless network extender produced by Wavlink Corporation. The Wavlink WL-WN579X3-C 231124 version contains a security vulnerability. This vulnerability arises from incorrect handling of the parameter “delflag” in the file /cgi-bin/firewall.cgi, which may lead to a stack...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990574 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be...

mm/ksm: fix flag-dropping behavior in ksm_madvise

...

EUVD-2025-36488

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dmaengine driver not properly handling the FDQ flag when resetting the RX channel...

CVE-2025-37968

CVE-2025-37968 (Linux kernel) affects the iio: light: opt3001 driver. The issue is a deadlock in a threaded IRQ path caused by reading the same flag twice (once for mutex_lock, once for mutex_unlock). The fix standardizes the flag handling by reading it into a local variable and reusing that valu...

SUSE CVE-2025-22125

In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQIDLE is ignored. And turns out...

CVE-2022-49175 PM: core: keep irq flags in device_pm_check_callbacks()

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...

CVE-2022-49175

In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in devicepmcheckcallbacks The function devicepmcheckcallbacks can be called under the spin lock in the reported case it happens from genpdadddevice - devpmdomainset, when the genpd uses spinlocks rather...

SUSE CVE-2024-53210

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSGPEEK causes memory leak in iucvsockdestruct Passing MSGPEEK flag to skbrecvdatagram increments skb refcount skb-users and iucvsockrecvmsg does not decrement skb refcount at exit. This results in skb memory leak in...

The vulnerability of the ctl_write_buffer() function in the ctl subsystem of the FreeBSD operating system allows a hacker to execute arbitrary code.

The vulnerability of the ctlwritebuffer function in the ctl subsystem of the FreeBSD operating system is related to the use of memory after it is freed due to incorrect flag setting. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the msp_info_htm function in D-Link DI-8400 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the mspinfohtm function in D-Link DI-8400 router microprogramming software is related to the lack of measures taken to neutralize special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands when processing the flag a...

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

The vulnerability of the Cgo extension in the Go programming language allows a hacker to execute arbitrary code.

The vulnerability of the Cgo programming language extension is related to improper code generation when processing arguments from the CgoLDFLAGS directive. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

SUSE CVE-2017-9744

The shelfsetmachfromflags function in bfd/elf32-sh.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a crafted binary...

IBM Guardium Data Encryption 信息泄露漏洞

IBM Security Guardium Data Encryption is an American IBM software for securing sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files, applications and containers. An information...

Code injection

The skbrecvdatagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSGPEEK flag with zero-length data, which allows local users to cause a denial of service infinite loop and system hang via a crafted application...