OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

Summary OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details In...

Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8052-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8052-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...

EUVD-2022-28197

Malicious code in bioql PyPI...

PT-2025-6742

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2025.01-rc1 Description An integer overflow occurs in the ext4fs read symlink function in Das U-Boot. This happens when a crafted ext4 filesystem with an inode size of 0xffffffff is used, causing a malloc of zero a...

OESA-2024-2566 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: Integer Underflow Wrap or Wraparound vulnerability in Renesas arm-trusted-firmware. An integer underflo...