104 matches found
EUVD-2015-3328
Malware in sbrugna...
EUVD-2010-0994
Malware in sbrugna...
Agentic Misalignment: How LLMs Could Be Insider Threats
We stress-tested 16 leading models from multiple developers in hypothetical corporate environments to identify potentially risky agentic behaviors before they cause real harm. In the scenarios, we allowed models to autonomously send emails and access sensitive information. They were assigned only...
EUVD-2022-35615
Malicious code in bioql PyPI...
EUVD-2023-47962
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-24199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c. CVE-2024-24199 Note that Nessus relies on the presence of the packa...
Linux Distros Unpatched Vulnerability : CVE-2024-24198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c. CVE-2024-24198 Note that Nessus relies on the presence of the...
PT-2025-35963
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the drm/xe/migrate component that could lead to infinite recursion and a potential kernel panic. This occurs when handling memory alignment duri...
Linux Distros Unpatched Vulnerability : CVE-2020-25576
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. CVE-2020-25576...
Emergent Misalignment As Prompt Sensitivity: a Research Note
Betley et al. (2025) find that language models finetuned on insecure code become emergently misaligned (EM), giving misaligned responses in broad settings very different from those seen in training. However, it remains unclear as to why emergent misalignment occurs. We evaluate insecure models across...
Thought Crime: Backdoors and Emergent Misalignment in Reasoning Models
Prior work shows that LLMs finetuned on malicious behaviors in a narrow domain (e.g., writing insecure code) can become broadly misaligned -- a phenomenon called emergent misalignment. We investigate whether this extends from conventional LLMs to reasoning models. We finetune reasoning models on...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer size not being upwardly aligned, which could lead to out-of-bounds memory accesses...
Security Concerns for Large Language Models: a Survey
Large Language Models (LLMs) such as GPT-4 and its recent iterations, Google's Gemini, Anthropic's Claude 3 models, and xAI's Grok have caused a revolution in natural language processing, but their capabilities also introduce new security vulnerabilities. In this survey, we provide a comprehensive...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the LoongArch architecture not aligning large page-mapped base addresses...
USN-7370-1 smartdns vulnerabilities
It was discovered that SmartDNS did not correctly align certain objects in memory, leading to undefined behaviour. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2024-24198, CVE-2024-24199 It was...
“Emergent Misalignment” in LLMs
Interesting research: "Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs": Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model act...
GHSA-H6XM-C6R4-VMWF Unsound usages of `u8` type casting in spl-token-swap
The library provides a safe public API unpack to cast a u8 array to arbitrary types, which can cause undefined behavior. The length check of the array can only prevent out-of-bound access on the return type. However, it can't prevent a misaligned pointer when casting a u8 pointer to a type aligned to...
Unsound usages of `core::slice::from_raw_parts_mut`
The library breaks the safety assumptions when using unsafe API `slice::from_raw_parts_mut`. The pointer passed to `from_raw_parts_mut` is misaligned by casting u8 to u16 raw pointer directly, which is unsound. The bug is patched by using `align_offset`, which could make sure the memory address is aligned to ...
Unsound usages of `std::slice::from_raw_parts`
The library breaks the safety assumptions when using unsafe API `std::slice::from_raw_parts`. First, when using the API in iterator implementation TempFdArrayIterator.next, generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...
kernel: pstore/ram: Fix crash when setting number of cpus to an odd number
A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service...