59 matches found
CVE-2026-43489
The CVE describes a Linux kernel liveupdate issue where LUO’s retrieve status for a LUO file could be inconsistent after a failed retrieve, risking repeated retries and potential use-after-free-like states due to stale serialization data. The fix changes the retrieved indicator from a boolean to ...
SUSE CVE-2026-43389
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
Linux Distros Unpatched Vulnerability : CVE-2026-43389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clea...
CVE-2026-43389
A flaw was found in the memfd_luo subsystem of the Linux kernel. When using memfd preservation with Live Update Operations (LUO), the kernel may incorrectly mark a memory page (folio) as clean even if it contains user data. This can lead to data loss, as the kernel might reclaim these 'dirty' folios...
EUVD-2026-28695
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
CVE-2026-43389
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
UBUNTU-CVE-2026-43389
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
CVE-2026-43389 mm: memfd_luo: always dirty all folios
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves t...
PT-2026-39050
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the memfd luo component where the preservation of folios (units of memory management) does not correctly track their dirty state. A dirty folio is one that has been...
Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)
IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:24:39 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory9.asc Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)...
EUVD-2016-10867
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the...
CVE-2016-20059 IObit Malware Fighter 4.3.1 Unquoted Service Path Privilege Escalation
IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the...
GHSA-GFMV-VH34-H2X5 Signal K Server: Unauthenticated Source Priorities Manipulation
Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...
Signal K Server: Unauthenticated Source Priorities Manipulation
Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...
ASUS Live Update < 3.6.8 Embedded Malicious Code (CVE-2025-59374)
The version of ASUS Live Update installed on the remote host is prior to 3.6.8 and, therefore, affected by an embedded malicious code vulnerability. - Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The...
CVE-2020-24088
An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges...
CISA warns ASUS Live Update backdoor is still exploitable, seven years on
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) added (along with two others) a vulnerability in ASUS Live Update to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog lists vulnerabilities that are known to be exploited in the wild and sets patch deadlines for...
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described...
CVE-2025-59374
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that...