CVE-2025-38250 Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

SUSE CVE-2025-38236

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unixstreamreadgeneric. The following sequences reproduce the issue: $ python3 from socket import s1, s2 = socketpairAFUNIX, SOCKSTREAM...

AZL-64799 CVE-2025-38236 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unixstreamreadgeneric. The following sequences reproduce the issue: $ python3 from socket import s1, s2 = socketpairAFUNIX, SOCKSTREAM...

webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl

A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could potentially be used to confuse xdg- desktop-portal, which allows access outside...

CVE-2025-38111

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...

kernel: dm ioctl: prevent potential spectre v1 gadget

A vulnerability was found in the Linux kernel's dm-ioctl interface in the lookupioctl function, which accepts a user-provided cmd value that is used to index the ioctls array directly. This issue could lead to an out-of-bounds access if the CPU speculatively executes the array access before cmd i...

kernel: dm ioctl: prevent potential spectre v1 gadget

A vulnerability was found in the Linux kernel's dm-ioctl interface in the lookupioctl function, which accepts a user-provided cmd value that is used to index the ioctls array directly. This issue could lead to an out-of-bounds access if the CPU speculatively executes the array access before cmd i...

CVE-2025-45737

An issue in NetEase Hangzhou Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component...

CVE-2025-45737

An issue in NetEase Hangzhou Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component...

CVE-2025-45737

CVE-2025-45737 involves the NeacSafe64 Driver (NeacSafe64.sys) from NetEase, with root cause described as improper handling of IOCTL commands in versions prior to 1.0.0.8. The issue enables privilege escalation via crafted IOCTLs and has a network attack vector with no user interaction required. ...

CVE-2025-45737

An issue in NetEase Hangzhou Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component...

PT-2025-27046 · Unknown · Neacsafe64 Driver +1

Name of the Vulnerable Software and Affected Versions: NeacSafe64 Driver versions prior to 1.0.0.8 Description: The issue allows attackers to escalate privileges by sending crafted IOCTL commands to the NeacSafe64.sys component. Recommendations: For versions prior to 1.0.0.8, update to version...

CVE-2025-45737

An issue in NetEase Hangzhou Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component...

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-49993

In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loopconfig is passed see loioctl's case on line 1550 of drivers/block/loop.c. This proceeds t...

CVE-2022-50010

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740calcvclk Since the user can control the arguments of the ioctl from the user space, under special arguments that may result in a divide-by-zero bug. If the user provides an improper...

SUSE CVE-2022-49978

In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero error In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from user, then go through fbsetvar and info-fbops-fbcheckvar which could may be pm2fbcheckvar. Along...

SUSE CVE-2022-50102

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in arksetpixclock Since the user can control the arguments of the ioctl from the user space, under special arguments that may result in a divide-by-zero bug in:...

CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-49993

In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loopconfig is passed see loioctl's case on line 1550 of drivers/block/loop.c. This proceeds t...