UBUNTU-CVE-2022-49444

In the Linux kernel, the following vulnerability has been resolved: module: fix eshstrndx.shsize=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if info-secstringsstrhdr-shsize - 1 != '\0' BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...

DEBIAN-CVE-2022-49236

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btftrygetmodule and loadmodule While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...

CVE-2022-49444

CVE-2022-49444: Linux kernel vulnerability in module loading (e_shstrndx).sh_size) leading to an out-of-bounds access; described as exploitable by crafting a module. The issue is resolved by a patch that was rebased onto modules-next. Affected systems require updating to a kernel version containi...

CVE-2022-49236

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btftrygetmodule and loadmodule While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...

CVE-2022-49236

CVE-2022-49236 concerns a Linux kernel use-after-free in BPF/BTF handling: a race between module init and module reuse could allow BTF IDs to be published before a module is fully live. The fix, as described in the related documentation, is to set a BTF_MODULE_F_LIVE flag at MODULE_STATE_LIVE so ...

CVE-2022-49236 bpf: Fix UAF due to race between btf_try_get_module and load_module

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btftrygetmodule and loadmodule While working on code to populate kfunc BTF ID sets for module BTF from its initcall, I noticed that by the time the initcall is invoked, the module BTF can already ...

Citrix Profile Management fails to load When User Personalization Layer is enabled

When User Personalization Layer UPL is enabled, Citrix Profile Management CPM profile is is not loaded. If UPL is not enabled, CPM profile does load...

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the...

CVE-2024-57963

Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:...

CVE-2025-21703

In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...

CVE-2024-57964

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:...

CVE-2024-57964

The CVE-2024-57964 entry concerns the HVAC Energy Saving Program, where insecure loading of Dynamic Link Libraries is the root cause. The vulnerability can allow a local attacker to disclose information or execute arbitrary code on affected systems, with a CVSS v3.1 base score of 7.3 ( HIGH ) and...

CVE-2024-57964 Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:...

CVE-2024-57964 Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:...

CVE-2024-57963

CVE-2024-57963 concerns the Hitachi USB-CONVERTERCABLE DRIVER, where an unsafe loading of dynamic link libraries could allow a local attacker to disclose information or execute arbitrary code on affected systems. The vulnerability affects the USB-CONVERTERCABLE DRIVER and is classified with local...

CVE-2024-57963 Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER

Insecure Loading of Dynamic Link Libraries have been discovered in USB-CONVERTERCABLE DRIVER, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects USB-CONVERTERCABLE DRIVER:...

Hitachi USB-CONVERTERCABLE DRIVER 安全漏洞

Hitachi USB-CONVERTERCABLE DRIVER is a driver from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi USB-CONVERTERCABLE DRIVER that originates from an unsafe loading of a dynamic link library, which could lead to local code execution or information disclosure...

PT-2025-6761 · Unknown · Usb-Convertercable Driver

Name of the Vulnerable Software and Affected Versions: USB-CONVERTERCABLE DRIVER affected versions not specified Description: A security issue has been discovered in USB-CONVERTERCABLE DRIVER, related to the insecure loading of dynamic link libraries, which could allow local attackers to...

PT-2025-6762 · Unknown · Hvac Energy Saving Program

Name of the Vulnerable Software and Affected Versions: HVAC Energy Saving Program affected versions not specified Description: A discovery has been made of an insecure loading of dynamic link libraries in the HVAC Energy Saving Program, which could allow local attackers to potentially disclose...

Hitachi HVAC Energy Saving Program 安全漏洞

Hitachi HVAC Energy Saving Program is an energy saving program project of Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi HVAC Energy Saving Program that originates from an unsafe loading of a dynamic link library, which could lead to local code execution or information...