CVE-2022-49537 scsi: lpfc: Fix call trace observed during I/O with CMF enabled

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smpprocessorid in preemptible code: systemd-udevd/31711 kernel: caller is lpfcupdatecmfcmd+0x214/0x420 lpfc kerne...

CVE-2022-49391

CVE-2022-49391 — Linux kernel remoteproc mtk_scp double free . The issue concerns the removal path for scp->rproc: it is allocated via devm_rproc_alloc(), so an explicit free in the remove function was unnecessary. The vulnerabilities describe a potential double free in the mtk_scp remoteproc ...

CVE-2022-49203 drm/amd/display: Fix double free during GPU reset on DC streams

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix double free during GPU reset on DC streams Why The issue only occurs during the GPU reset code path. We first backup the current state prior to commiting 0 streams internally from DM to DC. This state backup...

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor from jqlang open source. A security vulnerability exists in jq v1.7.1, which stems from a stack buffer overflow in the decNumberCopy function...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the devicepmcheckcallbacks function not saving CPU flags under spin lock, which could lead to inconsistent C...

CLSA-2025-1740470712 linux-firmware: Fix of 2 CVEs

Update AMD SEV CPU firmware to address CVE-2023-31356, CVE-2023-20584...

PT-2025-18414

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak has been identified in the Linux kernel related to the system companion processor SCP on Mediatek devices. The issue arises during firmware initialization when the mtk sc...

The vulnerability of the AmdPspP2CmboxV2 driver of AMD’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the AmdPspP2CmboxV2 microprogramming software driver for AMD processors is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

ROS-20250219-01

A vulnerability in Intel Xeon processors is related to a bug in hardware logic. Exploitation of the vulnerability could allow an attacker to cause a denial of service Intel Xeon processor vulnerability is related to incorrect error handling in Intel SGX. Exploitation exploitation of the...

The vulnerability of the AmdPlatformRasSspSmm driver of AMD’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the AmdPlatformRasSspSmm microprogramming software driver for AMD processors is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2024-36293

Improper access control in the EDECCSSA user leaf function for some IntelR Processors with IntelR SGX may allow an authenticated user to potentially enable denial of service via local access...

CVE-2024-46922

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpucsparserbos in the Xclipse Driver...

CVE-2024-46923

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpucsibfill in the Xclipse Driver...

CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

ROS-20250214-05

Intel Xeon processors vulnerability is related to a data protection mechanism violation. Exploitation of the vulnerability could allow an attacker to escalate privileges Vulnerability in SMI transfer monitor STM hypervisor of Intel processors firmware is related to to an improper workflow...

CVE-2024-27374

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanpublishgetnlparams, there is no input validation check on halreq-servicespecificinfolen coming from userspace, which can lead to a heap overwrite...