Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20552)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20552 advisory. - usb: typec: displayport: Fix potential deadlock Andrei Kuchynski Orabug: 38309912 CVE-2025-38404 - i2c/designware: Fix an initialization issue...

CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

DEBIAN-CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

UBUNTU-CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

CVE-2025-7709 Out Of Bounds write in FTS5 Extension in SQLite

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

CVE-2025-7709 Out Of Bounds write in FTS5 Extension in SQLite

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

CVE-2025-7709

CVE-2025-7709 affects the SQLite FTS5 extension. The issue is an integer overflow when sizing an array of tombstone pointers, truncating a 64-bit size to 32-bit and enabling a write beyond allocated bounds to partially controlled data. Public records reference SQLite

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

...

Linux Distros Unpatched Vulnerability : CVE-2025-39676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxxgetepfwdb function is supposed to return NULL on error, but qla4xxxepconnect returns err...

PT-2025-36389

Name of the Vulnerable Software and Affected Versions: AMD Graphics Driver affected versions not specified Description: Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service...

DEBIAN-CVE-2025-39676

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxxgetepfwdb function is supposed to return NULL on error, but qla4xxxepconnect returns error pointers. Propagating the error pointers will lead to an Oops in t...

CVE-2025-39676

In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxxgetepfwdb function is supposed to return NULL on error, but qla4xxxepconnect returns error pointers. Propagating the error pointers will lead to an Oops in t...

CVE-2025-39676

CVE-2025-39676 affects the Linux kernel in the SCSI qla4xxx path. The issue arises because qla4xxx_ep_connect() can return error pointers, while qla4xxx_get_ep_fwdb() is expected to return NULL on error; propagating error pointers leads to an Oops in the caller. The fix changes error pointers to ...

OESA-2025-2132 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths

...

rose: fix dangling neighbour pointers in rose_rt_device_down()

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the AVX-512 state function not checking for NULL pointers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from hfs not checking for tree pointer null pointers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the stacktop function not checking for ABI null pointers...