21 matches found

RedhatCVE
added yesterday | 4 views

CVE-2024-0391

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage...

5.3 CVSS | 5.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 1

CVE
added 2026/04/25 8:46 a.m. | 8 views

CVE-2026-31676

The CVE-2026-31676 issue concerns the Linux kernel’s rxrpc subsystem. A flaw allowed duplicate or late RESPONSE packets to be processed outside the intended RXRPC_CONN_SERVICE_CHALLENGING state. The fix enforces state-checking under a state_lock before performing response verification and securit...

7.5 CVSS | 5.4 AI score | 0.00114 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Vulnrichment
added 2026/04/16 6:44 p.m. | 1 view

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

5.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 1 | References: 1

CVE
added 2026/04/16 6:44 p.m. | 14 views

CVE-2025-54510

The connected documents confirm CVE-2025-54510 affects AMD Zen 5 (and related platforms) via a missing lock verification in the AMD Secure Processor (ASP) firmware that can allow a locally authenticated, high-privilege attacker to alter MMIO routing during boot/init, potentially compromising gues...

5.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/04/16 6:44 p.m. | 18 views

CVE-2025-54510

A missing lock verification in AMD Secure Processor ASP firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity...

5.9 CVSS | 0.00017 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2026/03/02 12:0 a.m. | 5 views

RHEL 8 : kernel (RHSA-2026:3360)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3360 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/core: Fix KASAN:...

7.8 CVSS | 6.6 AI score | 0.03752 EPSS
Exploits: 2 | References: 38

Cvelist
added 2025/12/09 1:29 a.m. | 27 views

CVE-2023-53839 dccp: fix data-race around dp->dccps_mss_cache

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache aft...

0.0004 EPSS
Exploits: 0 | References: 8

Vulnrichment
added 2025/09/15 2:22 p.m. | 1 view

CVE-2023-53231 erofs: Fix detection of atomic context

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as z_erofs_decompressqueue_endio() can be called under rcu lock from blk_mq_flush_plug_list(). See the stacktrace [1] In such case we should hand off th...

6 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

SUSE Linux
added 2025/08/29 11:54 a.m. | 4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may bsc#1139073 CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when...

8.7 CVSS | 7.2 AI score | 0.00319 EPSS
Exploits: 11 | References: 1006

Tenable Nessus
added 2025/08/09 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-22093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will be NULL if the...

5.5 CVSS | 6.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/07/10 12:0 a.m. | 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a recursive lock check in ptp_vclock_in_use(), which could lead to a deadlock...

5.5 CVSS | 6.8 AI score | 0.00084 EPSS
Exploits: 0 | References: 8

Amazon
added 2025/06/23 12:0 a.m. | 3 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000) In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree...

7.8 CVSS | 6.8 AI score | 0.00119 EPSS
Exploits: 3

OSV
added 2025/06/18 9:33 a.m. | 1 view

CVE-2025-38058 __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput() from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in...

5.5 CVSS | 6.1 AI score | 0.00068 EPSS
Exploits: 0 | References: 13

OSV
added 2025/04/16 3:16 p.m. | 1 view

UBUNTU-CVE-2025-22093

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will be NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init(). However, it will be dereferenced in dmub_hw_lock_mgr_cmd() if should_use_dmub_lock()...

5.5 CVSS | 6.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 12

CNNVD
added 2024/05/14 12:0 a.m. | 2 views

Synaptics SynHsaService security vulnerability

Synaptics SynHsaService is a driver from Synaptics, Inc. A security vulnerability exists in Synaptics SynHsaService that stems from a missing lock check...

5.5 CVSS | 6.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/11 2:41 a.m. | 4 views

CVE-2023-5447 Use-After-Free in Service for Hardware Support App for Fingerprint Driver

Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App...

5.5 CVSS | 7 AI score | 0.00074 EPSS
Exploits: 0 | References: 1

OSV
added 2021/04/28 9:15 p.m. | 9 views

CVE-2020-22785

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

7.5 CVSS | 6.7 AI score
Exploits: 0 | References: 1

Prion
added 2021/04/28 9:15 p.m. | 10 views

Buffer overflow

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

5 CVSS | 7.3 AI score | 0.0028 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/04/28 8:22 p.m. | 54 views

CVE-2020-22785

CVE-2020-22785 affects Etherpad-Lite versions prior to 1.8.3 due to a missing lock check, enabling a denial-of-service condition. Aggressively targeting random pad import endpoints with empty data could flatten all pads because of no rate limiting and missing ownership checks. The vulnerability i...

7.5 CVSS | 7.3 AI score | 0.0028 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/28 8:22 p.m. | 8 views

CVE-2020-22785

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

7.4 AI score | 0.0028 EPSS
Exploits: 1 | References: 1