SUSE CVE-2025-38187

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

AZL-70430 CVE-2025-38234 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...

CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...

DEBIAN-CVE-2025-38187

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

UBUNTU-CVE-2025-38187

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

UBUNTU-CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...

CVE-2025-5924

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpnbrodcastnotificationmessage function. This makes it possible for unauthenticated attacker...

CVE-2025-5924

CVE-2025-5924 concerns the WP Firebase Push Notification WordPress plugin (versions

CVE-2025-5924 WP Firebase Push Notification <= 1.2.0 - Cross-Site Request Forgery to Broadcast Notification

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpnbrodcastnotificationmessage function. This makes it possible for unauthenticated attacker...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a race condition in pushrttask, which could lead to inconsistent task states...

WordPress plugin WP Firebase Push Notification 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

web-push crate 安全漏洞

web-push crate is a library for Rust by the individual developer Julius de Bruijn. A security vulnerability exists in web-push crate versions prior to 0.10.3, which stems from a large integer in the Content-Length header that could lead to a denial of service...

PT-2025-27841 · WordPress · Wp Firebase Push Notification

Name of the Vulnerable Software and Affected Versions: WP Firebase Push Notification plugin for WordPress versions prior to 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the wfpn brodcast notification message function, making it possible for unauthenticated...

AZL-72760 CVE-2025-38166 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

PT-2025-33558

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists between the spsc queue push function and the run-job worker, potentially causing job scheduling to halt and leading to hangs while waiting on DMA fences. This...

kernel: sched/rt: Fix race in push_rt_task

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...

UBUNTU-CVE-2022-49973

In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in skmsgrecvmsg Fix one kernel NULL pointer dereference as below: 224.462334 Call Trace: 224.462394 tcpbpfrecvmsg+0xd3/0x380 224.462441 ? sockhasperm+0x78/0xa0 224.462463 tcpbpfrecvmsg+0x12e/0x220...

TencentOS Server 3: curl (TSSA-2024:0408)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0408 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows a attacker to disclose sensitive information.

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueuepush function is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose protected information through the...

kernel: sched/rt: Fix race in push_rt_task

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in pushrttask Overview ======== When a CPU chooses to call pushrttask and picks a task to push to another CPU's runqueue then it will call findlocklowestrq method which would take a double lock on both CPUs'...