CVE-2025-48521

Improper input validation in the AMD Secure Processor ASP PCI driver could allow a local attacker to trigger a Use-After-Free UAF condition, potentially resulting in a loss of platform integrity or crash...

CVE-2025-0045

Improper Input validation in the AMD Secure Processor ASP PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service...

CVE-2025-0045

Improper Input validation in the AMD Secure Processor ASP PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service...

CVE-2025-48521

The CVE-2025-48521 case affects the AMD Secure Processor (ASP) PCI driver. The vulnerability stems from improper input validation in the ASP PCI driver, enabling a local attacker to trigger a use-after-free condition that could compromise platform integrity or cause a crash. Affected component: A...

AMD Server Software and Embedded Chipset Driver Vulnerabilities Identified in Windows® Environments

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0432| Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.|...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: hisiaccvfiopci: fixed the XQE DMA address error. The DMA addresses of EQE and AEQE are incorrect after migration, resulting in failures in the guest kernel-mode encryption services. By comparing the definitions of hardware...

CVE-2022-50756 nvme-pci: fix mempool alloc size

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...

CVE-2022-50636

The CVE-2022-50636 entry concerns the Linux kernel PCI subsystem and VF handling. The vulnerability stemmed from pci_device_is_present() returning false for virtual functions (VFs) because it relied on Vendor/Device IDs (0xffff for VFs), causing virtio I/O issues during VF removal/unbinding or wh...

kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods

In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: add missing mcanclassfreedev in probe/remove methods In mcanpciremove and error handling path of mcanpciprobe, mcanclassfreedev should be called to free resource allocated by mcanclassallocatedev, otherwise there...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990304 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the...

CVE-2025-39956

In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igcprobe on LED setup error When igcledsetup fails, igcprobe fails and triggers kernel panic in freenetdev since unregisternetdev is not called. 1 This behavior can be tested using fault-injection framework,...

UBUNTU-CVE-2025-39956

In the Linux kernel, the following vulnerability has been resolved: igc: don't fail igcprobe on LED setup error When igcledsetup fails, igcprobe fails and triggers kernel panic in freenetdev since unregisternetdev is not called. 1 This behavior can be tested using fault-injection framework,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986366)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986366 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.2.3.0 and 6.1.9.7.

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.2.3.0 and 6.1.9.7. Vulnerability Details CVEID:CVE-2024-35809 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: PCI/PM:...

DEBIAN-CVE-2025-23129

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11kpcicfreeirq in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in...

UBUNTU-CVE-2023-52918

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885vdevinit return cx23885vdevinit can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL...

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7005-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

USN-6819-2: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...