PT-2026-44252

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the btrfs module within the create space info function error path. When kobject init and add fails, the system executes a call chain that leads to space inf...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012988)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012988 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routin...

CVE-2026-23763 VB-Audio Matrix Drivers Local Privilege Escalation via Kernel Memory Exposure

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to free kernel object names after a device registration failure, which could lead to a memory leak...

CVE-2025-55078

CVE-2025-55078 affects Eclipse ThreadX before version 6.4.3. The issue is incomplete validation of kernel object pointers in system calls: a pointer to a reserved or unmapped memory region could bypass checks because the validator did not ensure the pointer lies within the module memory region, e...

Linux Distros Unpatched Vulnerability : CVE-2024-25740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBIIOCATT, because kobj-name is not released...

CVE-2022-25477

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR...

The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks

Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout CVE-2024-27397 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate CVE-2024-41042 In...

CVE-2022-25477

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR...

Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader Security Vulnerabilities

Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader are both a card reader driver from Realtek Semiconductor Realtek of China. A security vulnerability exists in Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader. An...

The vulnerability of the ubi_attach() function in the UBI driver for Linux operating systems allows a hacker to cause a service failure or exert other effects.

The vulnerability of the ubiattach function in the UBI Unsorted Block Images driver for the Linux operating system is related to a memory leak caused by the lack of releasing the kobj-name variable in the drivers/mtd/ubi/attach.c file. Exploiting this vulnerability can allow an attacker to cause ...

USN-6625-3 linux-raspi, linux-raspi-5.4 vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6625-2 linux-gcp, linux-gcp-5.4 vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

CLSA-2023-1701801241 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-45871 - igb: Limit maximum frame Rx based on MTU - igb: Only sync size of expected frame in ethtool testing - igb: Add support for ethtool private flag to allow use of legacy Rx - igb: Add support for using order 1 pages to receive large frames - igb:...

kernel: cpufreq: governor: Use kobject release() method to free dbs_data

A vulnerability was found in the Linux kernel's cpufreq subsystem. The dbsdata struct, which embeds a kobject, improperly attempts to free the struct using kfree rather than through the proper release method. This issue can lead to a use-after-free scenario, resulting in system instability, memor...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2020-46569)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An information disclosure vulnerabili...

The compatibility subsystem for running Linux applications allows Windows Subsystem for Linux (WSL) operating systems to enable unauthorized access to protected information by attackers.

The vulnerability of the compatibility subsystem for running Linux applications in Windows Subsystem for Linux WSL operating systems is related to object handling errors in the kernel. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...

Windows Exploitation Tricks: Abusing the User-Mode Debugger

Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager. Whenever I add new functionality I have to do some research and reverse engineering to better understand how it works. In this case I wondered what access you need to debug...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2019-03922)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in the Microsoft Windows kernel that can be exploited by an attacker to retrieve the...