CVE-2023-54274 RDMA/srpt: Add a check for valid 'mad_agent' pointer

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'madagent' pointer When unregistering MAD agent, srpt module has a non-null check for 'madagent' pointer before invoking ibunregistermadagent. This check can pass if 'madagent' variable holds an...

CVE-2023-54255 sh: dma: Fix DMA channel offset calculation

In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed between up to two DMAC modules. The existing...

CVE-2022-50871

The CVE-2022-50871 entry concerns the Linux kernel component wifi: ath11k, specifically the qmi_msg_handler data structure initialization. The issue could allow an infinite loop while searching for a handler when a msg-id handler is missing from the handlers array, leading to out-of-bounds access...

CVE-2022-50855

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In 0, we added the ability to bpfprogattach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPFLSMCGROUP, we return too early if...

CVE-2023-54233

The CVE-2023-54233 issue affects the Linux kernel ASoC/SOF path, where IPC4 topologies containing an unsupported widget could leave the .module_info field unset, leading to a NULL dereference in sof_ipc4_route_setup() and a kernel Oops. A fix adds a guard to handle such cases. Connected sources c...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54184

Summary (CVE-2023-54184) The vulnerability affects the Linux kernel SCSI target (iscsi_target_mod) where recovery entries for iSCSI sessions are freed after the session is closed, leading to use-after-free or NULL dereference during command free due to a late cleanup. The root cause is the cleanu...

CVE-2023-54184 scsi: target: iscsit: Free cmds before session free

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace: Time2Retain timer expired for...

CVE-2023-54167

The CVE-2023-54167 issue concerns the Linux kernel on m68k where phys_to_virt handling for the initrd was performed before paging_init, causing an access fault on boot with an initial ramdisk on non-zero start memory architectures (e.g., Amiga). The fix postpones phys_to_virt initialization until...

CVE-2022-50814

CVE-2022-50814 affects the Linux kernel crypto driver hisilicon/zip, where a mismatch in the sgl_sge_nr variable (type u16) occurs when reading/writing via param_get/set_int, triggering a KASAN global-out-of-bounds read. The documented fix is to replace param_get/set_int with param_get/set_ushort...

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

PT-2025-53973

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In 0, we added the ability to bpf prog attach LSM programs to cgroups, but in our validation to make sure the prog is meant to be attached to BPF LSM CGROUP, we return too earl...

snap7-rs 安全漏洞

snap7-rs is a library for C++ by the individual developer gmg137. A security vulnerability exists in snap7-rs, which stems from an incorrect operation of the function snap7rs::client::S7Client::download in the file client.rs, which could result in a heap buffer overflow...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to decrement the reference count when the bpfprogattach LSM program fails, which could lead to a...

PT-2025-54169

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the CXL/PMEM subsystem during NVMe DIMM NVDIMM registration. Specifically, the issue occurs when the lower half of asynchronous NVDIMM device registration runs...

PT-2025-53968

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1-00190-g39508d23b672 Description The Linux kernel contains an issue in the ipr init function within the SCSI subsystem. Specifically, ipr init does not call unregister reboot notifier when pci register...

PT-2025-54073

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to ACPI Embedded Controller EC query handlers. Specifically, removing custom query handlers could lead to a kernel oops if the module containing...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992362)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992362 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: Fix function prototype mismatch for ext4featktype With clang's kernel control flow integrit...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992400 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992396 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmcrb: Add the missed acpiputtable to fix memory leak In crbacpiadd, we get the TPM2 table ...