kernel: mptcp: fix UaF in listener shutdown

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix UaF in listener shutdown As reported by Christoph after having refactored the passive socket initialization, the mptcp listener shutdown path is prone to an UaF issue. BUG: KASAN: use-after-free in...

kernel: virtio_net: Fix error unwinding of XDP initialization

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled...

kernel: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init()

A resource leak flaw was found in the ARM DMC-620 PMU driver. If platformdriverregister fails during module initialization, the CPU hotplug callback registered earlier is not removed, leaving a dangling callback...

kernel: cpufreq: Init completion before kobject_init_and_add()

An initialization order bug was found in the Linux kernel's cpufreq subsystem during policy allocation. A local user can trigger this issue when CPU frequency policy initialization fails after kobject registration but before completion initialization, causing the cleanup path to attempt to use an...

kernel: dm stats: check for and propagate alloc_percpu failure

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...

kernel: floppy: Fix memory leak in do_floppy_init()

In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in dofloppyinit A memory leak was reported when floppyallocdisk failed in dofloppyinit. unreferenced object 0xffff888115ed25a0 size 8: comm "modprobe", pid 727, jiffies 4295051278 age 25.529s hex dump firs...

kernel: Linux kernel KVM: Denial of Service due to incorrect kvm_arm_init failure handling in finalize_pkvm

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for arm64 architectures. This vulnerability arises from a lack of synchronization between the finalizepkvm and kvmarminit initialization calls. A local attacker with low privileges could exploit this by triggering a scenario...

haproxy: data leak via fcgi requests

A flaw was found in HAProxy, which could allow a remote attacker to obtain sensitive information caused by improper initialization when encoding the FCGIBEGINREQUEST record. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and us...

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

PT-2025-40703

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s wwan subsystem, specifically within the iosm component. During a suspend and resume cycle, a NULL pointer dereference can occur during device removal ...

Rocky Linux 8 : python-pillow (RLSA-2022:0643)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0643 advisory. - pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. CVE-2022-22815 - pathgetbbox in path.c in Pillow before 9.0.0 has ...

The vulnerability in the bitrix/modules/main/tools.php component of the Bitrix24 business management service allows a malicious individual to gain unauthorized access to protected information and execute arbitrary JavaScript code.

The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to initialization errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and execute arbitrary...

Incorrect cipher key & IV length processing

...

SUSE CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:4190-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4190-1 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summar...

Uninitialized State Variables

Lines of code Vulnerability details Impact in The resetTmpMarketParameters function is an internal function, which means it can only be called from within the WildcatMarketController contract itself. If a child contract inherits from WildcatMarketController and calls resetTmpMarketParameters befo...

CVE-2023-46232

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

Code injection

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...

CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...