kernel: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smpprocessorid call trace for preemptible kernels Correct kernel call trace when calling smpprocessorid when called in preemptible kernels by using rawsmpprocessorid. smpprocessorid checks to see if preemption...

kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswapcompress and zswapdecompress, the per-CPU acompctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, sin...

kernel: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smpprocessorid call trace for preemptible kernels Correct kernel call trace when calling smpprocessorid when called in preemptible kernels by using rawsmpprocessorid. smpprocessorid checks to see if preemption...

Oracle Linux 9 : kernel (ELSA-2025-19930)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-19930 advisory. - x86/vmscape: Add old Intel CPUs to affected list Waiman Long RHEL-114270 CVE-2025-40300 - x86/vmscape: Warn when STIBP is disabled with SMT Waiman...

PT-2025-46405

Name of the Vulnerable Software and Affected Versions IntelR Processor Identification Utility versions prior to 8.0.43 Description The IntelR Processor Identification Utility, before version 8.0.43, has incorrect default permissions within Ring 3, potentially allowing an escalation of privilege. ...

Intel® Processor Identification Utility Software Advisory

Summary: Potential security vulnerabilities in some Intel® Processor Identification Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-20010 Description: Use of unmaintained...

Intel Processor Identification Utility 安全漏洞

Intel Processor Identification Utility is a processor identification utility from Intel Corporation USA. The program supports the display of graphics information, chipset information, processor supported technologies, and other information. A security vulnerability exists in Intel Processor...

ZOHO ManageEngine OpManager 安全漏洞

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ZOHO ManageEngine OpManager, no detailed vulnerability details are available at this time...

PT-2025-46342

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor...

Intel Processor Identification Utility 安全漏洞

Intel Processor Identification Utility is a processor identification utility from Intel Corporation USA. The program supports the display of graphics information, chipset information, processor supported technologies, and other information. A security vulnerability exists in Intel Processor...

PT-2025-46425

Name of the Vulnerable Software and Affected Versions IntelR Processor Identification Utility versions prior to 8.0.43 Description An uncontrolled search path exists in the IntelR Processor Identification Utility before version 8.0.43. This issue, occurring within Ring 3 User Applications, may...

Incorrect Secure Flag Usage in Versal™ Adaptive SoC Arm® Trusted Firmware

Summary The Secure Flag passed to Versal™ Adaptive SoC’s Arm Trusted Firmware for Cortex®-A processors TF-A for Arm’s Power State Coordination Interface PSCI commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appea...

Intel SoC Thermal Innovation Platform Framework Extension Provider 代码问题漏洞

Intel SoC Thermal Innovation Platform Framework Extension Provider is a thermal framework software driver from Intel Corporation USA. A code issue vulnerability exists in versions prior to Intel SoC Thermal Innovation Platform Framework Extension Provider 03.03.1002, which stems from an unquoted...

Intel Processor Identification Utility 代码问题漏洞

Intel Processor Identification Utility is a processor identification utility from Intel Corporation USA. The program supports the display of graphics information, chipset information, processor supported technologies, and other information. A code issue vulnerability exists in Intel Processor...

PT-2025-46378

Name of the Vulnerable Software and Affected Versions IntelR Processor Identification Utility versions prior to 8.0.43 Description The software uses unmaintained third-party components which may allow an escalation of privilege. A system software adversary with an authenticated user and a low...

CVE-2025-64509 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

USN-7866-1 intel-microcode vulnerabilities

Barak Gross discovered that some Intel® Xeon® processors with SGX enabled did not properly handle buffer restrictions. A local authenticated user could potentially use this issue to escalate their privileges. CVE-2025-20053 Avinash Maddy discovered that some Intel® processors did not properly...

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: information leak via transient execution vulnerability in some AMD processors CVE-2024-36350 kernel: transient execution vulnerability in some AMD processors CVE-2024-36357 kernel:...

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...