9002 matches found

Tenable Nessus
added 2025/07/03 12:0 a.m. | 3 views

AlmaLinux 9 : microcode_ctl (ALSA-2025:7043)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:7043 advisory. microcode_ctl: Improper input validation in UEFI firmware (CVE-2024-28047); microcode_ctl: Insufficient granularity of access control in UEFI firmware...

CVSS 6.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 5

CISA KEV Catalog
added 2025/07/01 12:0 a.m. | 12 views

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

CVSS 5.3 | AI score 7.2 | EPSS 0.09466
In wild | Exploits: 0

Snyk
added 2025/06/25 9:57 p.m. | 1 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the machine init process. An attacker can intercept or manipulate data in transit by performing a man-in-the-middle attack during the download of VM images from an OCI registry. Workaround This...

CVSS 8.3 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 2

RedHat Linux
added 2025/06/25 12:46 a.m. | 3 views

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely. syzbot complains that msg->msg_get_inq value can be uninitialized [1]. struct msghdr got many new fields recently, we should always make sure their values are zero by default. [1] BUG: KMSAN...

CVSS 4.4 | AI score 6.8 | EPSS 0.00008
Exploits: 0 | References: 5

Positive Technologies
added 2025/06/25 12:0 a.m. | 2 views

PT-2025-33777

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contained a flaw within the f2fs file system related to uninitialized values in the extent info structure. Specifically, the get read extent info function only...

CVSS 7.8 | AI score 7.1 | EPSS 0.00026
Exploits: 0

BDU FSTEC
added 2025/06/25 12:0 a.m. | 1 views

Vulnerability of the betopff_init() function in the drivers/hid/hid-betopff.c module – The driver for the input device subsystem of the Linux kernel, which allows a hacker to cause a service failure.

Vulnerability of the betopff_init function in the drivers/hid/hid-betopff.c module – The driver for the user interface devices in the Linux kernel is vulnerable due to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 7.8 | AI score 6.9 | EPSS 0.00012
Exploits: 0 | References: 20 | Affected Software: 1

OSV
added 2025/06/24 2:15 p.m. | 2 views

UBUNTU-CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVSS 8.3 | AI score 6.3 | EPSS 0.00225
Exploits: 0 | References: 4

Ubuntu
added 2025/06/23 9:59 a.m. | 4 views

USN-7588-1: GSS NTLMSSP vulnerabilities

Phil Turnbull discovered that GSS NTLMSSP may perform out-of-bounds reads when decoding NTLM fields and target information. An attacker could possibly use this issue to cause GSS NTLMSSP to crash, resulting in a denial of service. CVE-2023-25563, CVE-2023-25567 Phil Turnbull discovered that GSS...

CVSS 8.2 | AI score 7.4 | EPSS 0.0045
Exploits: 0

RedHat Linux
added 2025/06/23 2:49 a.m. | 3 views

libvpx: Double-free in libvpx encoder

A flaw was found in libvpx. A double-free issue can occur in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash...

CVSS 5.4 | AI score 7.3 | EPSS 0.00273
Exploits: 0 | References: 7

BDU FSTEC
added 2025/06/23 12:0 a.m. | 2 views

The vulnerability of the kvm_riscv_vcpu_sbi_init() function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kvm_riscv_vcpu_sbi_init function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...

CVSS 7.8 | AI score 7.1 | EPSS 0.00039
Exploits: 0 | References: 9 | Affected Software: 1

RedhatCVE
added 2025/06/21 12:53 p.m. | 3 views

CVE-2025-38036

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID. VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has its MMIO members already setup. However...

CVSS 7 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 4

OSV
added 2025/06/21 1:15 a.m. | 1 views

CVE-2025-5820

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/20 10:15 a.m. | 9 views

CVE-2022-50127

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp. In the function rxe_create_qp, rxe_qp_from_init is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req. If an error occurs before this point then t...

CVSS 4.7 | AI score 7.2 | EPSS 0.00063
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/20 10:10 a.m. | 4 views

CVE-2022-50227

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once. Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash whe...

CVSS 7 | AI score 7.3 | EPSS 0.00074
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/20 10:4 a.m. | 2 views

CVE-2022-50179

In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb. Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free:...

CVSS 5.2 | AI score 7.2 | EPSS 0.00064
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/20 2:49 a.m. | 3 views

CVE-2022-50130

A flaw was found in the fbtft module in the Linux kernel. An incorrect order of operations can cause an improper initialization of framebuffer devices, potentially impacting system stability and resulting in a denial of service...

CVSS 5.5 | AI score 6.1 | EPSS 0.00065
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/19 8:33 p.m. | 3 views

CVE-2022-50058

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups. Commit bda324fd037a ("vdpa_sim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. When...

CVSS 7 | AI score 7 | EPSS 0.00074
Exploits: 0 | References: 4

NVD
added 2025/06/19 4:15 p.m. | 1 views

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

CVSS 9.5 | EPSS 0.0027
Exploits: 0 | References: 5

NCSC
added 2025/06/19 8:42 a.m. | 4 views

Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z

Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...

CVSS 8.6 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 2

SUSE CVE
added 2025/06/19 3:45 a.m. | 1 views

SUSE CVE-2022-49971

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak. Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_tables, but not freed in smu_v13_0_4_fini_smc_tables. This may cause memory leaks, fix it...

CVSS 5.5 | AI score 6.2 | EPSS 0.00074
Exploits: 0 | References: 6