EUVD-2026-38932

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lock fails due to concurrent write to the same cached block, mg-cell...

EUVD-2026-38930

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...

EUVD-2026-38931

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...

EUVD-2026-38929

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but partition mode is n...

TYPO3 SQL Injection in dbal

A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sqlquery are vulnerable, even if arguments were properly escaped with...

CVE-2017-14117

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01...

CVE-2017-10793

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive...

CVE-2017-3792

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit MCU Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service DoS condition. The vulnerability is due to improper size validation when...