EUVD-2023-57231

Malicious code in bioql PyPI...

CVE-2025-39891

CVE-2025-39891 (Linux kernel) affects the wifi: mwifiex driver. The chan_stats[] memory is allocated with vmalloc() and not zeroed, and the array is only partially initialized in mwifiex_update_chan_statistics(). This can allow an information leak if data hasn’t been filled before a user query vi...

Linux Distros Unpatched Vulnerability : CVE-2023-53134

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all t...

openSUSE Security Advisory (SUSE-SU-2025:02769-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for amber-cli

This update for amber-cli fixes the following issues: Update to version 1.13.1+git20250329.c2e3bb8: CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing bsc1240511 jwt version upgrade 174 Update policy size limit to 20k 173 Update tenant user model with latest changes 17...

CVE-2025-38395

In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpiodesc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later ...

CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()

In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpgamgrtestimgloadsgt fpgamgrtestimgloadsgt allocates memory for sgt using kunitkzalloc however it does not check if the allocation failed. It then passes sgt to sgalloctable, which passe...

CVE-2022-50219 bpf: Fix KASAN use-after-free Read in compute_effective_progs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in computeeffectiveprogs Syzbot found a Use After Free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVE-2025-37965 drm/amd/display: Fix invalid context error in dml helper

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix invalid context error in dml helper Why "BUG: sleeping function called from invalid context" error. after: "drm/amd/display: Protect FPU in dml2validate/dml21validate" The populatedmlplanecfgfromplanestate us...

CVE-2025-37867 RDMA/core: Silence oversized kvmalloc() warning

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc warning syzkaller triggered an oversized kvmalloc warning. Silence it by adding GFPNOWARN. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665 kvmallocnodenoprof+0x175/0x180 CPU: 7 UID: ...

PT-2025-14591 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the registration of efivars in the uefisecapp firmware component. The issue arises from the efivars service being...

Linux Distros Unpatched Vulnerability : CVE-2024-56697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpudiscoverygetnpsinfo Fix two issues with...

DEBIAN-CVE-2022-49608

In the Linux kernel, the following vulnerability has been resolved: pinctrl: ralink: Check for null return of devmkcalloc Because of the possible failure of the allocation, data-domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better t...

CVE-2022-49184

The CVE-2022-49184 issue affects the Linux kernel under net: sparx5: switchdev, where a NULL pointer dereference could occur if devm_kzalloc() returns NULL and the code dereferences the pointer. The description across connected sources indicates the vulnerability was resolved in the Linux kernel ...

CVE-2021-47649

The CVE-2021-47649 entry concerns a Linux kernel udmabuf issue where ubuf->pagecount could be zero if user-space passes list.size==0, leading kmalloc_array() to return ZERO_PTR and triggering a GPF in sg_alloc_append_table_from_pages(). The vulnerability arises from pagecount derived from user...

CVE-2024-56766 mtd: rawnand: fix double free in atmel_pmecc_create_user()

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmelpmecccreateuser The "user" pointer was converted from being allocated with kzalloc to being allocated by devmkzalloc. Calling kfreeuser will lead to a double free...

CVE-2024-56697

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpudiscoverygetnpsinfo Fix two issues with memory allocation in amdgpudiscoverygetnpsinfo for memranges: - Add a check for allocation failure to avoid dereferencing a null pointer...

CVE-2024-56697 drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpudiscoverygetnpsinfo Fix two issues with memory allocation in amdgpudiscoverygetnpsinfo for memranges: - Add a check for allocation failure to avoid dereferencing a null pointer...

ALSA-2024:9195 Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command CVE-2024-34055 For more details about the security issues, including the impact, a CVSS...

CVE-2024-41059 hfsplus: fix uninit-value in copy_name

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copyname syzbot reported BUG: KMSAN: uninit-value in sizedstrscpy+0xc4/0x160 sizedstrscpy+0xc4/0x160 copyname+0x2af/0x320 fs/hfsplus/xattr.c:411 hfspluslistxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750...