Fedora 43 : linux-firmware (2026-16c8693020)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-16c8693020 advisory. Update to 20260519: ASoC: tas2783: Add Firmware files for tas2783A projects add firmware for MT7927 WiFi device Add HP ISH firmware for Intel Panther Lake...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: qcom: uefisecapp: fixed the race condition in efivars registration. Since the transition to using the TZ allocator, the efivars service is registered before the memory pool has been allocated. This can lead to a NULL...

Fedora 42 : linux-firmware (2025-a45a370014)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a45a370014 advisory. Update to 20251125: Revert amdgpu: update GC 11.0.1 firmware QCA: Add Bluetooth firmware for WCN685x uart interface qcom: Add ADSP firmware for...

Fedora 43 : linux-firmware (2025-698dc1bbfa)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-698dc1bbfa advisory. Update to 20251125: Revert amdgpu: update GC 11.0.1 firmware QCA: Add Bluetooth firmware for WCN685x uart interface qcom: Add ADSP firmware for...

CVE-2025-40113

CVE-2025-40113 concerns the Linux kernel remoteproc/qcom PAS handling for the X1E ADSP, where the lite DTB firmware was left running after preparing to load new ADSP firmware. The issue stemmed from not shutting down the lite_dtb_pas_id for the DTB, leaving a memory region (&adsp_boot_dtb_mem) ac...

firmware: qcom: scm: smc: Handle missing SCM device

...

PT-2025-50082

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description An information disclosure issue exists when processing system calls with invalid parameters. The issue is related to an unreliable pointer dereference in the...

PT-2025-50083

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description A flaw exists in the Qualcomm embedded platform firmware related to improper pointer dereferencing during IOCTL processing. This issue can lead to a denial of...

Linux Distros Unpatched Vulnerability : CVE-2025-37918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skbdequeue A NULL pointer dereference ca...

Linux Distros Unpatched Vulnerability : CVE-2024-46868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefiacquire If the qcuefi pointer is not set,...

PT-2025-28434 · Qualcomm · 215 Mobile Firmware +241

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A transient denial-of-service DOS issue occurs when importing a PKCS8-encoded RSA private key that has a zero-sized modulus. Recommendations: At the moment, there is no information about a...

USN-7605-2: Linux kernel (Low Latency) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

PT-2025-50084

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description A flaw exists in the Qualcomm embedded platform firmware related to an integer overflow. Exploitation may allow an attacker to cause a denial-of-service condition...

PT-2025-50081

Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description An issue exists in Qualcomm embedded platform firmware related to the disclosure of system data to a controlled area. Exploitation of this issue may allow an...

USN-7521-3 linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Serial ATA and Parallel...

CVE-2019-2343

Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

kernel: Bluetooth: qca: add missing firmware sanity checks

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer...

kernel: firmware: qcom: scm: smc: Handle missing SCM device

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f "firmware: qcom: scm: fix a NULL-pointer dereference" makes it explicit that qcomscmgettzmempool can return NULL, therefore its users should handle this...

Exploit for Classic Buffer Overflow in Qualcomm Qca9367_Firmware

CVE-2024-53027-WIP Work in Progress for POC CVE-2024-53027:...

SUSE CVE-2024-57852

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f "firmware: qcom: scm: fix a NULL-pointer dereference" makes it explicit that qcomscmgettzmempool can return NULL, therefore its users should handle this...