Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990074)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990074 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989514)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989514 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveauboinit is backed by ttmboinit and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990191 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copyname syzbot reported BUG: KMSAN: uninit-value in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989990)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989990 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igbinitmodule The pciregisterdriver can fail and when...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988708 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989757 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrsdetect, cs-disableintr is NULL when privdata-hwinit...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988789 advisory. In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989143 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990113 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sendone: fix missing CAN header initialization The read access to struct...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989302 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcpinittransfer to not reset icskcainitialized This commit fixes a bug found by syzkalle...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989284 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989164 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions While running the self-tests on a...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990059 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of...

CVE-2025-40107

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver, which was fixed in commit 03c427147b2d "can: mcp251x: fix resume fr...

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

EUVD-2025-37759

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

CVE-2025-11690

CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

Linux Distros Unpatched Vulnerability : CVE-2025-40107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the mcp251x driver...