Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990191 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copyname syzbot reported BUG: KMSAN: uninit-value in...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988858)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988858 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpusetupdspppcc The function performs a check on the ctx...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989143 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990059 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990113 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sendone: fix missing CAN header initialization The read access to struct...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989284 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989302 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcpinittransfer to not reset icskcainitialized This commit fixes a bug found by syzkalle...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988789 advisory. In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989164 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions While running the self-tests on a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989757 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrsdetect, cs-disableintr is NULL when privdata-hwinit...

CVE-2025-40107

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

EUVD-2025-37759

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

CVE-2025-11690

CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

PT-2025-44991

Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...

Linux Distros Unpatched Vulnerability : CVE-2025-40107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver...

EUVD-2025-37481

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...