67 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed the issue where a use-after-free occurred in vdecclose. It seems that there might be a potential use-after-free when using vdecclose. The firmware will add the buffer release process to the work queue through...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser refactoring of packet parsing logic wordscount represents the number of words in the total payload, while data points to the payload of various properties within it. When wordscount reaches the last word,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI – Add a check to handle incorrect queue size. qsize represents the size of the shared queue between the driver and the firmware. The firmware can modify this value to an invalid, large value. In such situations,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser: added a check to avoid out-of-bound access. There is a possibility that initcodecs may be invoked multiple times during manipulation of the payload from video firmware. In such cases, if codecscount can...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit. If venusprobe fails at pmruntimeputsync, it first calls hfiDestroy, and then hficoredeinit. Since hfiDestroy sets core-ops to NULL, hficoredeinit can no longer call the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005099 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23158)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23158 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989745 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venusprobe fails at pmruntimeputsync the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987394)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987394 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venusprobe fails at pmruntimeputsync the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986441 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venusprobe fails at pmruntimeputsync the...
EUVD-2025-13087
Malicious code in bioql PyPI...
EUVD-2022-54703
Malicious code in bioql PyPI...
EUVD-2025-26790
Malicious code in bioql PyPI...
SUSE CVE-2025-39709
In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it's possible that an interrupt fires...
media: venus: Fix OOB read due to missing payload bound check
...
Linux Distros Unpatched Vulnerability : CVE-2025-38679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: venus: Fix OOB read due to missing payload bound check Currently, The eventseqchanged handler processes a variable number of properties sent by the...
SUSE CVE-2025-39710
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures...
AZL-66929 CVE-2025-39709 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it's possible that an interrupt fires...
AZL-66944 CVE-2025-39710 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures...
CVE-2025-39710
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures...