kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

Linux Distros Unpatched Vulnerability : CVE-2026-43303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/pagealloc: clear page-private in freepagesprepare Several subsystems slub, shmem, ttm, etc. use page-private but don't clear it before freeing pages. When...

CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...

CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...

CVE-2025-68167 gpiolib: fix invalid pointer access in debugfs

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...

Malicious code in sonic-ijos-aaaf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f73621e614fb3c63feaf4177bc8ae9890f8b437d21bae59b357ea17e0a5fda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode returns true and nilfsfreeinode...

MAL-2025-57038 Malicious code in joko-lepet19-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2f078c27458898d3991f8bcdb86c860c30e5140213db8b9adb256f2c763cae1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-54416 Malicious code in putri-rojak84-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d52308bcc58e389356ea7c635ad0c3d7cb4d1be4644ea7b952183a8009722bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from accessing rproc-priv before the ISERRORNULL check, which could result in a null pointer dereference...

EUVD-2025-32762

In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel-priv area In 3cb4d5e00e037c70 "perf trace: Free syscall tp fields in evsel-priv" it only was freeing if strcmpevsel-tpformat-system, "syscalls" returned zero, while the corresponding initializati...

CVE-2023-34235

Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the tnumber prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to...

ForgeRock OpenIDM 安全漏洞

ForgeRock OpenIDM is an identity management system from ForgeRock USA. A security vulnerability exists in ForgeRock OpenIDM that stems from improper input validation of query search results for private field data, allowing an attacker to cause an information disclosure through the use of...

SUSE CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...

DEBIAN-CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...

CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...

CVE-2023-52639

CVE-2023-52639 affects the Linux kernel KVM s390: vsie shadow creation. The issue is a race where gmap->private can be observed as zero in kvm_s390_vsie_gmap_notifier due to adding gmap->private == kvm after creation. The root cause is a race during shadow creation in acquire_gmap_shadow(),...

CVE-2023-52639 KVM: s390: vsie: fix race during shadow creation

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap-private being zero in kvms390vsiegmapnotifier resulting in a crash. This is due to the fact that we add gmap-private == kvm after creation:...

Keystone-5 信息泄露漏洞

Keystone-5 is open source an extensible platform . It is used to rapidly create highly customizable CMS and APIs. is a complete re-imagining of the future of KeystoneJS. Keystone-5 suffers from an information disclosure vulnerability that can directly or indirectly disclose the value of a private...