CVE-2025-21802 net: hns3: fix oops when unload drivers paralleling

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...

Schneider Electric communication modules for Modicon M580 and Quantum controllers (Update B)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVE-2024-57996 net_sched: sch_sfq: don't allow 1 packet limit

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following...

CVE-2022-49636

In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlannewlink Blamed commit added back a bug I fixed in commit 9bbd917e0bec "vlan: fix memory leak in vlandevsetegresspriority" If a memory allocation fails in vlanchangelink after other allocations...

CVE-2022-49210

In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgdfree pgd page is freed by generic implementation pgdfree since commit f9cb654cb550 "asm-generic: pgalloc: provide generic pgdfree", however, there are scenarios that the system uses mor...

CVE-2022-49127

In the Linux kernel, the following vulnerability has been resolved: reftracker: implement use-after-free detection Whenever reftrackerdirinit is called, mark the struct reftrackerdir as dead. Test the dead status from reftrackeralloc and reftrackerfree This should detect buggy devput/devhold...

CVE-2022-49639 cipso: Fix data-races around sysctl.

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READONCE to avoid data-races...

CVE-2022-49452 dpaa2-eth: retrieve the virtual address before dma_unmap

In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dmaunmap The TSO header was DMA unmapped before the virtual address was retrieved and then used to free the buffer. This meant that we were actually removing the DMA map and then...

CVE-2022-49291 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...

CVE-2022-49291

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hwparams and hwfree calls Currently we have neither proper check nor protection against the concurrent calls of PCM hwparams and hwfree ioctls, which may result in a UAF. Since the existing P...

CVE-2022-49272 ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffermutex and mmaplock syzbot caught a potential deadlock between the PCM runtime-buffermutex and the mm-mmaplock. It was brought by the recent fix to cover the racy read/write and other...

CVE-2022-49210

The CVE-2022-49210 issue is a Linux-kernel memory-leak in the MIPS pgalloc path. The generic pgd_free() freed only one pgd page, but on 64‑bit systems with PAGE_SIZE_4KB and without MIPS_VA_BITS_48 the PGD_TABLE spans two pages; this mismatch leaks memory. MemFree behavior can reveal the leak. Ro...

CVE-2022-49173

In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never...

CVE-2022-49094

CVE-2022-49094 details a Linux kernel TLS slab-out-of-bounds condition in decrypt_internal caused by an IV size mismatch for AES128-CCM when TLS offload uses a 12-byte tls_ctx->rx.iv while crypto_aead_ivsize() reports 16 bytes. The issue manifests during memcpy() from a 12-byte space, leading ...

GHSA-M3CH-223F-43C6 vulnerabilities

Vulnerabilities for packages: openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-8-openj9...

Siemens SIMATIC Devices Linux Kernel Out-of-bounds Write (CVE-2022-2274)

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

CGA-2RMR-WMHC-2W99

Bulletin has no description...

Wireshark Security Update (wnpa-sec-2025-01) - Mac OS X

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

Wireshark Security Update (wnpa-sec-2025-01) - Windows

Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...

S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation

Summary A Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a high risk to all users. Details Give all details ...