Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990469)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990469 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989587 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: properly check endpoint type Syzbot reported warning in usbsubmiturb which is cause...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989523 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5piperelease when deadlock is detected mdp5getglobalstate...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989326)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989326 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipectx has a size of MAXPIPES so checki...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989178)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989178 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989066)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989066 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5piperelease when deadlock is detected mdp5getglobalstate...

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

CVE-2025-12683

Summary: CVE-2025-12683 affects the Everything software stack where a service (running as SYSTEM) communicates with the Everything GUI over a named pipe that has a NULL DACL. This configuration grants all users full permissions on the named pipe, enabling potential privilege escalation for a loca...

CVE-2025-12683 NULL DACL assigned to Named Pipe communicating with SYSTEM Service

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

PT-2025-44963

Name of the Vulnerable Software and Affected Versions Everything affected versions not specified Description The service used by Everything, running with SYSTEM privileges, communicates with the Everything GUI using a named pipe. This named pipe has a NULL Discretionary Access Control List DACL,...

Everything 安全漏洞

Everything is a file search software from Everything open source. A security vulnerability exists in Everything that stems from a named pipe having a NULL DACL, which could lead to a denial-of-service attack or elevation of privilege by a local, low-privileged user...

SUSE CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

Linux Distros Unpatched Vulnerability : CVE-2025-40090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ksmbd: Fix...

EUVD-2025-36988

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

PT-2025-44380

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s ksmbd component contains a flaw related to recursive locking within RPC handle list access. Specifically, the ksmbd session rpc method function attempts to lock sess-r...

Exploit for Race Condition in Canonical Ubuntu_Linux

KernelPWNED - Kernel Exploit Suggester A lightweight, fast ke...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987683)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987683 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

...