PT-2026-43969
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft bitwise Reject zero shift operands for nft bitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using BIT...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx->in_use in ice_ptp_ts_irq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member “uzonesize” of the struct alauda_info structure will remain 0 if alauda_init_media fails. This could potentially cause division errors in alauda_read_data and...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check the start of empty przs during initialization. After the commit 30696378f68a “pstore/ram: Do not treat empty buffers as valid”, initialization would assume that the prz was valid after determining that buffersiz...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of init_srcu_struct, which can fail due to OOM, when initializing the page track mechanism. Lack of checking leads to a NULL pointer deref found b...
Linux Distros Unpatched Vulnerability : CVE-2026-31749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: ni_atmio16d: Fix invalid clean-up after failed attach If the driver's COMEDI attach handler function atmio16d_attach returns an error, the COMEDI core wil...
CVE-2026-23413
In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005665 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005471 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...
CVE-2025-66363
CVE-2025-66363 affects the Samsung Mobile Processor Exynos 2200, specifically the LBS component. The issue is that there was no check for memory initialization within DL NAS Transport messages, representing a failure in validating memory initialization in that path. The available connected docume...
CVE-2026-22998
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and data_offset validation in...
CVE-2025-68807 block: fix race between wbt_enable_default and IO submission
In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbt_enable_default and IO submission When wbt_enable_default is moved out of queue freezing in elevator_change, it can cause the wbt inflight counter to become negative -1, leading to hung tasks in the writebac...
CVE-2025-13529 Unify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' Parameter
The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the 'unifyplugindowngrad...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992235)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992235 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...
UBUNTU-CVE-2025-68225
In the Linux kernel, the following vulnerability has been resolved: lib/test_kho: check if KHO is enabled We must check whether KHO is enabled prior to issuing KHO commands, otherwise KHO internal data structures are not initialized...
CVE-2025-68224
CVE-2025-68224 is rejected/not used as stated in the Initial Description.
Linux Distros Unpatched Vulnerability : CVE-2025-68224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: core: Fix a regression triggered by scsi_host_busy Commit 995412e23bb2 blk-mq: Replace tags-lock with SRCU for tag iterators introduced the following...
CVE-2025-40234
In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...
CVE-2025-40234 platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers
In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...
CVE-2025-41733
The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials...