378 matches found
EUVD-2023-2830
Malicious code in bioql PyPI...
EUVD-2025-11208
Malicious code in bioql PyPI...
EUVD-2025-15440
Malicious code in bioql PyPI...
AZL-67650 CVE-2025-39873 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB. can_put_echo_skb() takes ownership of the SKB and it may be freed during or after the call. However, xilinx_can xcan_write_frame() keeps using SKB after the call. Fix th...
CVE-2025-39855
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ptp_ts_irq. The E810 device has support for a "low latency" firmware interface to access and read the Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the...
CLSA-2025-1758292868 Fix CVE(s): CVE-2025-7425
SECURITY UPDATE: memory corruption vulnerability in attribute type flags - debian/patches/CVE-2025-7425.patch: Fix heap-use-after-free caused by atype corruption - CVE-2025-7425...
UBUNTU-CVE-2023-53239
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork:...
CVE-2022-50243
CVE-2022-50243 – Linux kernel SCTP use-after-free (summary from connected advisories) The vulnerability arises in SCTP when an error is returned from sctp_auth_asoc_init_active_key(): the old sh_key could be freed while still in use as the active key, leading to a use-after-free during packet sen...
DEBIAN-CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work. During rcu_read_unlock_special(), if this happens during irq_exit(), we can lockup if an IPI is issued. This is because the IPI itself triggers the irq_exit() path causing a recursive lock up...
CVE-2025-38528
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers. static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...
UBUNTU-CVE-2025-38525
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable(). The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds...
AZL-66377 CVE-2025-38513 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev(). There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len...
AZL-66168 CVE-2025-8837 affecting package jasper for versions less than 4.2.1-3
A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...
Linux Distros Unpatched Vulnerability : CVE-2024-50097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms such as i.MX25 and i.MX2...
Linux Distros Unpatched Vulnerability : CVE-2022-49826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add(). In the error path in ata_tport_add()...
Linux Distros Unpatched Vulnerability : CVE-2025-23156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: venus: hfi_parser: refactor hfi packet parsing logic. words_count denotes the number of words in total payload, while data points to payload of various...
UBUNTU-CVE-2025-38477
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...
CVE-2025-38443 nbd: fix uaf in nbd_genl_connect() error path
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path. There is a use-after-free issue in nbd: block nbd6: Receive control failed (result -104) block nbd6: shutting down sockets ==================================================================...
CVE-2025-38409 drm/msm: Fix another leak in the submit error path
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path. put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.freedesktop.org/patch/653583/...