CVE-2025-38695

CVE-2025-38695 affects the Linux kernel SCSI lpfc, where lpfc_sli4_vport cleanup can run before sli4_hba.hdwqs are allocated if lpfc_sli4_read_rev() fails. This may cause a NULL pointer dereference when acquiring abts_io_buf_list_lock for the first hardware queue. The fix adds a NULL pointer chec...

CVE-2025-38691 pNFS: Fix uninited ptr deref in block/scsi layout

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...

vsock/vmci: Clear the vmci transport packet properly when initializing it

...

scsi: hisi_sas: Create all dump files during debugfs initialization

...

drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw

...

drm/amd/display: Check null-initialized variables

...

drm/xe/vf: Perform early GT MMIO initialization to read GMDID

...

comedi: Fix initialization of data for instructions that write to subdevice

...

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

...

i2c/designware: Fix an initialization issue

...

f2fs: initialize locks earlier in f2fs_fill_super()

...

HID: nvidia-shield: Add missing null pointer checks to LED initialization

...

genirq/irq_sim: Initialize work context pointers properly

...

drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init

...

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

...

CVE-2025-52494

Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

PT-2025-35816

Name of the Vulnerable Software and Affected Versions: Adacore Ada Web Server AWS versions prior to 25.2 Description: The Adacore Ada Web Server AWS is susceptible to a denial-of-service DoS condition resulting from improper handling of SSL handshakes during connection initialization. The server...

Linux Distros Unpatched Vulnerability : CVE-2020-5529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute...

Linux Distros Unpatched Vulnerability : CVE-2025-38645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev-dm allocation in mlx5initonce fails...

Linux Distros Unpatched Vulnerability : CVE-2022-48824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: myrs: Fix crash in error case In myrsdetect, cs-disableintr is NULL when privdata-hwinit fails with non-zero. In this case, myrscleanupcs will call a NULL...