PT-2025-2782 · Imagination Technologies · Graphics Ddk

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue arises when software is installed and run as a non-privileged user, leading to improper GPU system calls. This results in platform instability and reboots. Recommendations: At th...

CVE-2024-7095

On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated causing SNMP requests to time out...

Stack Overflow

github.com/cosmos/cosmos-sdk, cosmossdk.io/x/tx is vulnerable to Stack overflow. The vulnerability is due to improper handling of transaction decoding in Cosmos SDK, allows for excessive resource consumption or stack overflow when processing transactions, potentially leading to system instability...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the tracing module that triggers a warning in bitmapparseuser when a large count value is supplied and there ...

PT-2025-34411

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus free extents could trigger warnings and errors during...

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

rPGP Potential Resource Exhaustion when handling Untrusted Messages

During a security audit, Radically Open Security discovered two vulnerabilities which allow attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. Impact Affected rpgp versions do not...

SUSE CVE-2024-53135

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode module param behind CONFIGBROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad...

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

A vulnerability was found in the Linux kernel in the csdsp firmware involving the V2 algorithm headers and the wmfw V2 format, which introduced variable-length strings into the algorithm block header. This means the overall header length is variable and without proper checks can result in an...

The vulnerability of the qcom_llcc_probe() function in the llcc component of Linux kernel allows a hacker to cause a service failure.

The vulnerability of the qcomllccprobe function in the llcc component of Linux kernel relates to the issue of writing operations out of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...

kernel: vsock: remove vsock from connected table when connect is interrupted by a signal

A vulnerability was found in the Linux kernel's vsock subsystem's vsockstreamconnect function where improper handling of the socket state can lead to the connected table's list being corrupted. This occurs when a signal interrupt occurs and resets the socket's state without removing it from the...

kernel: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

A vulnerability was found in the Linux kernel in the csdsp firmware involving the V2 algorithm headers and the wmfw V2 format, which introduced variable-length strings into the algorithm block header. This means the overall header length is variable and without proper checks can result in an...

kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211ATTRTXQQUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently ex. 2^31. This can...

PT-2025-23520 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A directory traversal arbitrary file deletion issue exists. This allows for the deletion of arbitrary files, potentially leading to data loss or system instability. No...

kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment

A vulnerability was found in the Linux kernel's nvme driver. A lack of proper checks can lead to a race condition during the destruction of a queue pair when a controller is being established. This issue can lead to system instability or crashes...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a dentry leak in the cachefiles subsystem in the cachefilesopenfile function, which could lead to...

kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211ATTRTXQQUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently ex. 2^31. This can...

kernel: ppp: reject claimed-as-LCP but actually malformed packets

The vulnerability was found in the Linux kernel's ppp pppgeneric.c driver, in the pppread and pppwrite functions where malformed packets were erroneously identified as LCP packets, leading to potential issues with packet handling. This flaw could potentially lead to system instability...

kernel: PCI/PM: Drain runtime-idle callbacks before driver removal

A vulnerability was found in the PCI subsystem in the Linux kernel, where runtime-idle callbacks are not always drained before a PCI driver is removed. If these callbacks are still active when the driver is removed, it could result in system instability or crashes...