24 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies on the vmg state remaining pristine after a merge attempt. Normally, this assumption holds true. However, in one edge-case scenario, a merge...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/mseal: The end of the current VMA was correctly updated during merging. Previously, we stored the end of the current VMA in curr_end. When moving to the next VMA, we updated curr_start to curr_end to proceed to the next VMA...
CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...
CVE-2026-23416
In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge. Previously we stored the end of the current VMA in curr_end, and then upon iterating to the next VMA updated curr_start to curr_end to advance to the next VMA. However, this doesn't take...
CVE-2025-64718 js-yaml has prototype pollution in merge (<<)
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed YAML document via prototype pollution (__proto__). All users who parse untrusted YAML documents may be impacted. The problem is patched in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-382688)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-382688 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse the buffer of the extents path. In ext4_ext_try_to_merge_up(), set path[1].p_bh to...
EUVD-2025-9389
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-21932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies upon t...
SUSE CVE-2025-21932
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt...
DEBIAN-CVE-2025-21932
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt...
CVE-2025-21932 mm: abort vma_modify() on merge out of memory failure
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt...
CVE-2025-21932
CVE-2025-21932: In the Linux kernel, a merge-forcing path in vma_modify() can corrupt VMG start/end when an out-of-memory occurs during commit of a merge across VMAs. The fix adds a bail-out path and stores start/end in locals to keep VMG state pristine after a failed merge. The issue is tied to ...
CVE-2025-21932
In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure. The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of vma_modify() to abort a merge operation when there is insufficient memory, which could result in...
SQLite before 3.25.3 when the FTS3 extension is enabled encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
...
SUSE CVE-2018-20506
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow and resultant buffer overflow for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to...
Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Use After Free in tremor-script
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...
CVE-2021-45702
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...