CVE-2025-15038

The CVE-2025-15038 affected component is the ASUS Business System Control Interface driver. A vulnerability described as Out-of-Bounds allows a local, unprivileged user to craft an IOCTL request that can trigger kernel information disclosure or cause a system crash. The exposure is linked to loca...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2025-15037

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

PT-2026-23482

Name of the Vulnerable Software and Affected Versions Wincor Nixdorf wnBios64.sys version 1.2.0.0 Description A stack buffer overflow exists in the wnBios64.sys kernel driver within the IOCTL handler for code 0x80102058. The issue is due to a lack of bounds checking on the user-controlled Options...

CVE-2025-70616

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver version 1.2.0.0 in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005538 advisory. In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipfwdupdatepriority. While reading sysctlipfwdupdatepriority, it...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005646 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-races around user-unixinflight. user-unixinflight is changed under...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges -...

Linux Distros Unpatched Vulnerability : CVE-2026-22978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: avoid kernel-infoleak from struct iwpoint struct iwpoint has a 32bit hole on 64bit arches. struct iwpoint void user pointer; / Pointer to the data in user...

EUVD-2022-54676

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybe less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmwar...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004413)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004413 advisory. A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004211 advisory. A stack information leak flaw was found in s390/s390x in the Linux kernels memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004124)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004124 advisory. A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001629 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

CVE-2025-67246

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002059 advisory. The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local...

CVE-2025-67246

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...

CVE-2025-67246

A local information disclosure in the Ludashi driver (pre-5.1025) due to insufficient access control in the IOCTL handler. The driver exposes a device interface to unprivileged users, accepts attacker-controlled structures containing the lower 4 GB of physical addresses, maps arbitrary physical m...