CVE-2023-53555 mm/damon/core: initialize damo_filter->list from damos_new_filter()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: initialize damofilter-list from damosnewfilter damosnewfilter is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMONRECLAIM are not initializing it after calli...

CVE-2022-50482

CVE-2022-50482 is a Linux kernel vulnerability in the iommu/vt-d path. The issue is a memory leak of si_domain that occurs when init_dmars() fails, due to domain objects still lingering in the iommu_domain cache. The description states that this memory leak could occur in kernel builds prior to a...

CVE-2022-50482 iommu/vt-d: Clean up si_domain in the init_dmars() error path

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up sidomain in the initdmars error path A splat from kmemcachedestroy was seen with a kernel prior to commit ee2653bbe89d "iommu/vt-d: Remove domain and devinfo mempool" when there was a failure in initdmars,...

CVE-2022-50473 cpufreq: Init completion before kobject_init_and_add()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2022-50473

CVE-2022-50473 affects the Linux kernel cpufreq subsystem. The root cause is calling an uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails, occurring in cpufreq_policy_alloc(). This can lead to a crash (page fault) on a local system via complete+0x98, with Call ...

EUVD-2025-32386

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39937

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...

CVE-2025-39934

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934

CVE-2025-39934: Linux kernel drm: bridge: anx7625 fixes a NULL pointer dereference when an IRQ fires before resource initialization, potentially accessing uninitialized I2C tcpc_client data. The NVD entry notes a MEDIUM base score (5.5) with LOCAL attack vector and LOW PR, HIGH impact on availabi...

CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

CVE-2025-39931 crypto: af_alg - Set merge to zero early in af_alg_sendmsg

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

EUVD-2025-32421

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate t...

CVE-2025-10746

CVE-2025-10746 – Integrate Dynamics 365 CRM plugin (WordPress) affects all versions up to 1.0.9. Root cause: missing capability checks and nonce verification on functions hooked to init, enabling unauthenticated access. Impact (per sources): unauthenticated attackers can deactivate the plugin, ta...

RLSA-2025:7043 Moderate: microcode_ctl security update

The microcodectl packages provide microcode updates for Intel and AMD processors. Security Fixes: microcodectl: Improper input validation in UEFI firmware CVE-2024-28047 microcodectl: Insufficient granularity of access control in UEFI firmware CVE-2024-39279 microcodectl: mproper initialization i...

PT-2025-40660

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the cpufreq subsystem. Specifically, in cpufreq policy alloc, an uninitialized completion is called within cpufreq sysfs release when kobject...

PT-2025-40762

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the crypto/af alg subsystem, specifically impacting the gcm-aes-s390 driver. A missing initialization in af alg alloc areq can lead to an issue...

EUVD-2025-13224

Malicious code in bioql PyPI...

EUVD-2023-35616

Malicious code in bioql PyPI...

EUVD-2022-45360

Malicious code in bioql PyPI...