11 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004073 advisory. A buffer over-read at the framebuffer layer in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka...

CVSS 6.1 | AI score 6.7 | EPSS 0.00117
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-18551

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 4.6 | EPSS 0.00095
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/11 3:24 p.m. | 4 views

CVE-2025-7027 SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable SetupXtuBufferAddress, while the write content is read from a...

AI score 9.2 | EPSS 0.00096
Exploits: 0 | References: 3

Tenable Nessus
added 2025/06/16 12:0 a.m. | 3 views

TencentOS Server 3: libXpm (TSSA-2024:0181)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0181 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 5.5 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 3

CVE
added 2025/05/06 9:3 a.m. | 53 views

CVE-2025-22886

OpenHarmony vulnerability CVE-2025-22886 affects OpenHarmony v5.0.3 and earlier. The issue stems from missing release of memory in a component, enabling a local attacker to cause a Denial of Service. Affected scope is limited to local access; integrity and confidentiality are not impacted per ava...

CVSS 5.5 | AI score 6.8 | EPSS 0.00065
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/04/07 2:35 a.m. | 53 views

CVE-2025-25057

CVE-2025-25057 affects OpenHarmony v5.0.2 and earlier. The root cause is a memory release issue that can be exploited locally to cause a denial of service (memory leak). The available sources consistently describe a local attacker and a DoS outcome due to unfreed memory, but do not provide concre...

CVSS 5.5 | AI score 6.8 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/03/05 5:15 a.m. | 1 views

CVE-2024-20836

Out of bounds Read vulnerability in ssmisgetfrm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory...

CVSS 5.5 | AI score 5.8 | EPSS 0.00095
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/10 12:26 p.m. | 2 views

CVE-2023-43788 libXpm: out-of-bounds read in XpmCreateXpmImageFromBuffer()

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...

CVSS 5.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 6

OSV
added 2021/01/26 7:25 a.m. | 6 views

LSN-0074-1 Kernel Live Patch Security Notice

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Andy Nguyen discovered that the Bluetooth A2MP implementation in...

CVSS 8.1 | AI score 6.5 | EPSS 0.02388
Exploits: 7 | References: 5

OSV
added 2020/12/29 11:57 a.m. | 4 views

MGASA-2020-0474 Updated spice-vdagent package fixes security vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the active_xfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service (CVE-2020-25650). Matthias Gerstner discovered that SPICE vdagent incorrectly...

CVSS 6.4 | AI score 6 | EPSS 0.0021
Exploits: 4 | References: 4

OSV
added 2017/09/05 6:29 a.m. | 5 views

CVE-2017-14140

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVSS 5.5 | AI score 8
Exploits: 0 | References: 10