603 matches found
kernel: drm/xe: Use local fence in error path of xe_migrate_clear
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xemigrateclear The intent of the error path in xemigrateclear is to wait on locally generated fence and then return. The code is waiting on m-fence which could be the local fence but this ...
GHSA-FCV2-XGW5-PQXF sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal
Summary The legacy TUF client pkg/tuf/client.go, which supports caching target files to disk, constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata, but it does not validate that the resulting path stays within the cache base...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56611)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56611 advisory. - In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migratetonode assuming...
MiracleLinux 7 : pcp-4.3.2-12.el7 (AXSA:2020-703:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-703:06 advisory. pcp: Local privilege escalation in pcp spec file %post section CVE-2019-3695 A Improper Control of Generation of Code vulnerability in the packaging ...
kernel: drm/xe: Use local fence in error path of xe_migrate_clear
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xemigrateclear The intent of the error path in xemigrateclear is to wait on locally generated fence and then return. The code is waiting on m-fence which could be the local fence but this ...
RHEL 10 : kernel (RHSA-2026:0747)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0747 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Use local fence in...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004476 advisory. An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after- free because the ctx is reached via the ctxlist in some...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003221)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003221 advisory. net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002627)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002627 advisory. The tracewritebackdirtypage implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002685)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002685 advisory. net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX ...
UBUNTU-CVE-2025-71134
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
CVE-2025-71134 mm/page_alloc: change all pageblocks migrate type on coalescing
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
CVE-2025-71134
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
CVE-2025-71134
CVE-2025-71134: In the Linux kernel, mm/page_alloc: when coalescing pages, the migrate type of all pageblocks is not updated, updating only the first pageblock causes inconsistency between the page and its pageblocks. This triggers warnings in expand() and related paths. The issue is resolved in ...
CVE-2025-71134 mm/page_alloc: change all pageblocks migrate type on coalescing
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
Linux Distros Unpatched Vulnerability : CVE-2025-71134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: change all pageblocks migrate type on coalescing When a page is freed it...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not issue a warning if the page is already tagged during copyhighpage. The arm64 copyhighpage function assumes that the destination page has been newly allocated and is not tagged with PGmtetagged. It issues a...
JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...
PT-2026-3412
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...
GHSA-V64R-7WG9-23PR Unauthenticated Craft CMS users can trigger a database backup
Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...