CVE-2025-40151 LoongArch: BPF: No support of struct argument in trampoline programs

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes a oops when running bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1 Unable t...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990749 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences vport. The...

MAL-2025-116136 Malicious code in ocha-enting4-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3212c4b18f90e22e562a458469f9bb5267c4d6ed743d94cf4221f2619b59e441 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990408)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990408 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure traceprintk can output as soon as it can be used Currently traceprintk can be...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990453 advisory. In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989351 advisory. In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990116)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990116 advisory. In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989136)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989136 advisory. In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate If there are failures then we must...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989329 advisory. In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988860)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988860 advisory. In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The tracehardirqson,off require the caller to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989515 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copyfromkernelnofault When trying to use...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988723)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988723 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, caus...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added freetransport operations in ksmbd connections. The freetransport function for TCP connections can be called from smdbdirect. This could lead to a kernel error. This patch adds freetransport operations in ksmbd...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: xfs: Do not propagate ENODATA disk errors into the xattr code. ENODATA also known as ENOATTR has a very specific meaning in the xfs xattr code: it indicates that the requested attribute name could not be found. However, a medium...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereferencing in v3djobupdatestats The following kernel error was recently reported by Mesa CI: 800.139824 Unable to handle NULL pointer dereferencing at virtual address 0000000000000588 800.148619...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/eeh: Made the EEH driver’s device hotplug operations safe. Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to various kernel errors of the same general nature: A second type...

EUVD-2023-60043

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting XSS via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

SUSE CVE-2023-53718

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpubuffer during resize process When ringbufferswapcpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in the wrong state will...

EUVD-2023-60037

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcfbindfilter operation done at u32setparms...