CVE-2025-40145

CVE-2025-40145 concerns the Linux kernel, where the PCI/pwrctrl path had a double-cleanup issue on failure of devm_add_action_or_reset(). The root cause is that when devm_add_action_or_reset() fails, it invokes the provided cleanup function, so the caller must not perform a second cleanup. The fi...

EUVD-2025-93506

Improper control of dynamically-managed code resources for some IntelR NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response MDR — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few...

Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you've heard the myth, "Android isn't secure." Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking i...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989321 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989218)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989218 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devmspialloc We can't rely on the contents of the devres list during...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990012 advisory. In the Linux kernel, the following vulnerability has been resolved: memory: fslifc: fix leak of private memory on probe failure On probe error the driver should free...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989697 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has...

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift...

Why Organizations Are Abandoning Static Secrets for Managed Identities

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique...

Eclipse BlueChi 安全漏洞

Eclipse BlueChi is an open source service control and state management software for Eclipse. A security vulnerability exists in Eclipse BlueChi that originates from a user with root privileges being able to create or overwrite systemd service unit files on managed nodes, which could lead to...

SUSE CVE-2023-53704

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

SUSE CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

EUVD-2023-60012

In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in skbtstamptx Commit 50749f2dd685 "tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp." added a call to skborphanfragsrx to fix leaks with zerocopy skbs. But it ended up adding a leak of its own...

DEBIAN-CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

DEBIAN-CVE-2023-53704

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

CVE-2023-53704 clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

CVE-2023-53704

CVE-2023-53704 affects the Linux kernel in clk-imx clock driver paths (e.g., clk-imx8mp/clk-imx8mq). The issue involves memory management during probe/setup, where memory was previously released manually and iounmap’d regions could leak. The published fix replaces of_iomap() and kzalloc() with de...

EUVD-2022-54717

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has managed interfaces, so use them. Otherwise we will get the following splat: 4.472703 denali-nand-pci 0000:00:05.0: timeout while...

Fortra GoAnywhere MFT License Servlet Deserialization Vulnerability

Fortra GoAnywhere MFT is a Managed File Transfer MFT solution helping organizations build both internal and external data transfer exchanges. GoAnyWhere MFT versions before 7.8.4 and before 7.6.3 suffer from a deserialization vulnerabilty. By crafting a specific payload, a remote and...