EUVD-2025-36493

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition during kprobe initialization that could lead to a null pointer dereference...

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-38619)

usb-storage: alauda: Check whether the media is initialized. The member uzonesize of struct alaudainfo will remain 0 if alaudainitmedia fails, potentially causing divide errors in alaudareaddata and alaudawritelba. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Initialization (CVE-2024-50015)

ext4: dax: Overflowing extents beyond inode size when partially writing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503434; scriptversion"1.3...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Missing Initialization of a Variable (CVE-2024-53101)

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...

Siemens SIMATIC Devices Divide By Zero (CVE-2024-27059)

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200atacommand The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ o...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-50302)

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-46865)

In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

Siemens SIMATIC Devices Missing Initialization of a Variable (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

SUSE CVE-2023-53696

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

EUVD-2023-60009

In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports: drivers/tty/serial/arcuart.c:631 arcserialprobe warn: 'port-membase' from ofiomap not released on lines: 631. In arcserialprobe, if uartaddoneport fails,...

UBUNTU-CVE-2022-50574

In the Linux kernel, the following vulnerability has been resolved: drm/omap: dss: Fix refcount leak bugs In dssinitports and dssuninitports, we should call ofnodeput for the reference returned by ofgraphgetportbyid in fail path or when it is not used anymore...

CVE-2023-53696

CVE-2023-53696 affects the Linux kernel scsi/qla2xxx driver. The root cause is an error-path leak in qla2x00_probe_one(): when base_vha initialization fails, the fab_scan_rp (scan.l) allocated in qla2x00_create_host() is not released in the probe_failed path, causing a memory leak reported by kme...

CVE-2023-53696 scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: Security issues fixed: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...