Apple多款产品 缓冲区错误漏洞

Apple iOS and other products are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple watchOS is an operating system for smartwatches.Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in several Apple products, which...

PT-2025-51014

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.2 iOS versions prior to 26.1 iPadOS versions prior to 18.7.2 iPadOS versions prior to 26.1 macOS Sequoia versions prior to 15.7.2 macOS Sonoma versions prior to 14.8.2 macOS Tahoe versions prior to 26.1 tvOS versions...

About the security content of iOS 26.1 and iPadOS 26.1

About the security content of iOS 26.1 and iPadOS 26.1 This document describes the security content of iOS 26.1 and iPadOS 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

PT-2025-44824

Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 Description An application may be able to cause unexpected system termination or corrupt kernel memory due to improper memory handling. Recommendations Update to macO...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio-biintegrity. Since commit bf4c89fc8797 "block: don't call biouninit from...

SUSE CVE-2025-40040

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

CVE-2025-40040

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

Linux Distros Unpatched Vulnerability : CVE-2025-40064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0...

Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-50134)

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbvamousepointershape with real VLA Replace the fake VLA at end of the vbvamousepointershape shape with a real VLA to fix a memcpy: detected field-spanning write error. Note as mentioned ...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-42283)

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

UBUNTU-CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

EUVD-2025-35592

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

CVE-2025-62525 OpenWrt vulnerable to local privilage escalation

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

CVE-2023-53713

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

CVE-2023-53699 riscv: move memblock_allow_resize() after linear mapping is ready

In the Linux kernel, the following vulnerability has been resolved: riscv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from kernel image mapping. The regions arrays need to "reallocated" from memblock and accessed through linear mapping to cove...

OpenWrt 缓冲区错误漏洞

OpenWrt is the OpenWrt open source set of Linux operating systems for embedded devices. A buffer error vulnerability exists in versions prior to OpenWrt 24.10.4, which stems from the ioctls of the ltq-ptm driver that allows a local user to read and write arbitrary kernel memory, potentially leadi...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987604)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987604 advisory. In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch freewatch does everything barring actually freeing the watch...