PT-2026-44252

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create space info error path When kobject init and add fails, the call chain is: create space info - btrfs sysfs add space info type - kobject init and add - failure - kobject put&space info-kobj - space...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012988)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012988 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routin...

CVE-2026-23763 VB-Audio Matrix Drivers Local Privilege Escalation via Kernel Memory Exposure

VB-Audio Matrix and Matrix Coconut versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively, contain a local privilege escalation vulnerability in the VBMatrix VAIO virtual audio driver vbmatrixvaio64win10.sys. The driver allocates a 128-byte non-paged pool buffer and, upon receiving IOCT...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to free kernel object names after a device registration failure, which could lead to a memory leak...

CVE-2025-55078

CVE-2025-55078 affects Eclipse ThreadX before version 6.4.3. The issue is incomplete validation of kernel object pointers in system calls: a pointer to a reserved or unmapped memory region could bypass checks because the validator did not ensure the pointer lies within the module memory region, e...

Linux Distros Unpatched Vulnerability : CVE-2024-25740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBIIOCATT, because kobj-name is not released...

CVE-2022-25477

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR...

The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks

Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout CVE-2024-27397 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate CVE-2024-41042 In...

CVE-2022-25477

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR...

Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader Security Vulnerabilities

Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader are both a card reader driver from Realtek Semiconductor Realtek of China. A security vulnerability exists in Realtek RtsPer driver for PCIe Card Reader and Realtek RtsUer driver for USB Card Reader. An...

USN-6625-3 linux-raspi, linux-raspi-5.4 vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

USN-6625-2 linux-gcp, linux-gcp-5.4 vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...

CLSA-2023-1701801241 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-45871 - igb: Limit maximum frame Rx based on MTU - igb: Only sync size of expected frame in ethtool testing - igb: Add support for ethtool private flag to allow use of legacy Rx - igb: Add support for using order 1 pages to receive large frames - igb:...

kernel: cpufreq: governor: Use kobject release() method to free dbs_data

A vulnerability was found in the Linux kernel's cpufreq subsystem. The dbsdata struct, which embeds a kobject, improperly attempts to free the struct using kfree rather than through the proper release method. This issue can lead to a use-after-free scenario, resulting in system instability, memor...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2020-46569)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Kernel is one of the Windows system kernels. An information disclosure vulnerabili...

Windows Exploitation Tricks: Abusing the User-Mode Debugger

Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager. Whenever I add new functionality I have to do some research and reverse engineering to better understand how it works. In this case I wondered what access you need to debug...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2019-03922)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in the Microsoft Windows kernel that can be exploited by an attacker to retrieve the...

Microsoft Windows Unnamed Kernel Object Limit Elevation Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Unnamed Kernel Object. An attacker can exploit the vulnerability to cause elevation of privilege by defaulting the security descriptor...

CVE-2017-8471

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly...