CVE-2025-38647

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89setsarfromacpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU...

CVE-2025-38647

CVE-2025-38647 affects the Linux kernel wifi/rtw89 driver. The issue is a dropped lockdep assertion in rtw89_set_sar_from_acpi during driver startup, which could trigger under early init and is resolved by the kernel fix. The vulnerability details, call trace, and affected chain are documented in...

CVE-2025-38647 wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89setsarfromacpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU...

CVE-2025-38645

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev-dm allocation in mlx5initonce fails...

OESA-2025-2055 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkmsexit function might access an uninitialized or freed...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

CVE-2025-55619

Summary: CVE-2025-55619 affects the Reolink Android app (version 4.54.0.4.20250526). The root cause is a hardcoded encryption key and IV, which attackers can leverage to decrypt access tokens and web session tokens stored in the app via reverse engineering. This vulnerability has a high impact (C...

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from nvmet pci-epf potentially double-completing commands when nvmetreqinit fails...

AlmaLinux 9 : kernel (ALSA-2025:13962)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13962 advisory. kernel: bpf, testrun: Fix use-after-free issue in ethskbpkttype CVE-2025-21867 microcodectl: From CVEorg collector CVE-2024-28956 kernel: mm/hugetlb:...

PT-2025-34450 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...

Reolink App 安全漏洞

Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from the use of hard-coded encryption keys and initialization vectors, which could lead to the decryption of access tokens and session tokens...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from rtw89 sar performing a meaningless lock assertion check during the initialization phase...

Null Pointer Dereference

libtiff.so is vulnerable to Null Pointer Dereference. The vulnerability is due to improper handling in the t2preadtiffinit function of tools/tiff2pdf.c in the fax2ps component, which allows a local attacker to trigger a null pointer dereference under complex conditions...

CVE-2025-47184

An XML external entities XXE injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message...

Exagrid EX10 安全漏洞

Exagrid EX10 is a backup storage server from Exagrid Corporation, USA. A security vulnerability exists in Exagrid EX10 version 7.0.1p02, which originates from the presence of XML external entity injection in the /init API endpoint, which could lead to information disclosure and elevation of...

CVE-2025-47184

An XML external entities XXE injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a crafted ISys XML message...

Linux Distros Unpatched Vulnerability : CVE-2023-5363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during...

SUSE CVE-2025-38579

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extentinfo usage KMSAN reported a use of uninitialized value in isextentmergeable and isbackmergeable via the read extent tree path. The root cause is that getreadextentinfo only initializes three...

SUSE CVE-2025-38582

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsvqp rsvqp may be double destroyed in error flow, first in freemrinit, and then in hnsroceexit. Fix it by moving the freemrinit call into hnsrocev2init. listdel corruption, ffff589732eb9b50-ne...