54839 matches found
CVE-2023-53756 KVM: VMX: Fix crash due to uninitialized current_vmcs
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Fix crash due to uninitialized currentvmcs KVM enables 'Enlightened VMCS' and 'Enlightened MSR Bitmap' when running as a nested hypervisor on top of Hyper-V. When MSR bitmap is updated, evmcstouchmsrbitmap function uses...
CVE-2022-50628 drm/gud: Fix UBSAN warning
In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: 101.165172 drm Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1 101.213360 gud 2-3.2:1.0: drm fb1: guddrmfb frame buffer device 101.213426 usbcore:...
CVE-2022-50624 net: netsec: fix error handling in netsec_register_mdio()
In the Linux kernel, the following vulnerability has been resolved: net: netsec: fix error handling in netsecregistermdio If phydeviceregister fails, phydevicefree need be called to put refcount, so memory of phy device and device name can be freed in callback function. If getphydevice fails,...
CVE-2022-50619 drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfdmemdmamapuserptr If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...
CVE-2025-40299 gve: Implement gettimex64 with -EOPNOTSUPP
In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptpclock for sole use of doauxwork at this time. ptpclockgettime and ptpsysoffset assume every ptpclock has implemented either gettimex64 or gettime64. Stub gettimex64...
PT-2025-49520
Name of the Vulnerable Software and Affected Versions versions prior to 2025-66323 Description An issue exists in the card module due to an improper criterion security check. Successful exploitation could affect availability. There are no reports of real-world incidents or affected devices. The...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a competitive condition vulnerability, which originates from a competitive condition vulnerability in the audio module, and can be exploited by an attacker to affect...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from an Improper Security Check vulnerability that originates from a vulnerability in the improper standard security check in the card module, which can be exploited by a...
PT-2025-49523
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A race condition exists within the network module. Successful exploitation could compromise the confidentiality of the service. Recommendations At the moment, there is no information about a newer...
Medium: rsync
Issue Overview: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. CVE-2025-101...
PT-2025-49518
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-66321 Description A multi-thread race condition exists in the camera framework module. Successful exploitation of this issue may affect system availability. Recommendations At the moment, there is no information about a...
PT-2025-49517
Name of the Vulnerable Software and Affected Versions versions prior to 2025-66320 Description A multi-thread race condition exists within the camera framework module. Successful exploitation of this issue may affect system availability. Recommendations At the moment, there is no information abou...
PT-2025-49533
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A permission control issue exists in the window management module that may affect availability. Successful exploitation of this issue could impact system availability. Recommendations At the moment,...
PT-2025-49519
Name of the Vulnerable Software and Affected Versions versions prior to 2025-66322 Description A multi-thread race condition exists in the camera framework module. Successful exploitation of this issue may affect availability. Recommendations At the moment, there is no information about a newer...
PT-2025-49522
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability...
Amazon Linux 2 : audiofile, --advisory ALAS2-2025-3087 (ALAS-2025-3087)
The version of audiofile installed on the remote host is prior to 0.3.6-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3087 advisory. Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Tenabl...
PT-2025-49521
Name of the Vulnerable Software and Affected Versions affected versions not specified Description An input verification issue exists in the compression and decompression module. Successful exploitation could impact app data integrity. Recommendations At the moment, there is no information about a...
kernel security update
4.18.0-553.89.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
EUVD-2025-201606
A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed...
EUVD-2025-201609
A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out...