Security Bulletin: IBM Technical Suppport Appliance - possible security flaws in memory management leading to information disclosure or denial of service

Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is already free and a flaw in Virtual Machine Communication Interface VMCI allowed uninitialized kernel memory to be exposed to userspace. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the...

EUVD-2023-27856

Malicious code in bioql PyPI...

EUVD-2023-27857

Malicious code in bioql PyPI...

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability that originates from improperly restricted memory buffer operations and can be exploited by an attacker to...

Linux Distros Unpatched Vulnerability : CVE-2023-53259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypag...

CVE-2023-53259 VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...

vmci: Prevent the dispatching of uninitialized payloads

...

CVE-2025-38611

In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlockedioctl call in two different tasks. When initcontext fails, the struct vmcieventctx is not fully initialized when executing...

CVE-2025-38611

Removed by vendor...

PT-2025-33809

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the vmci subsystem where uninitialized payloads can be dispatched. This occurs when the init context function fails, leading to incomplete...

VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify

...

AZL-73025 CVE-2025-38403 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly initializing the vmci transport packet structure, which could result in uninitialized data...

INVT VT-Designer 安全漏洞

INVT VT-Designer is an HMI programming and configuration software from China-based INVT. A security vulnerability exists in INVT VT-Designer that stems from a type confusion when parsing PM3 files, which could lead to remote code execution...

The vulnerability of the Virtual Machine Communication Interface (VMCI) implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation allows a perpetrator to execute arbitrary code.

The vulnerability of the Virtual Machine Communication Interface VMCI implementation in software products such as VMware ESXi, Workstation, Fusion, and Cloud Foundation lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

AZL-64496 CVE-2025-38102 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify During our test, it is found that a warning can be trigger in trygrabfolio as follow: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

Contec CONPROSYS HMI System 安全漏洞

Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which originates from an unauthenticat...

Fuji Electric Smart Editor 安全漏洞

Fuji Electric Smart Editor is an editing software developed by Fuji Electric for configuring and programming Human Machine Interface HMI devices. A buffer overflow vulnerability exists in Fuji Electric Smart Editor, which can be exploited by an attacker to execute arbitrary code...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...