kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq storvscerrorwq workqueue should not be marked as WQMEMRECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQMEMRECLAIM may...

kernel: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags

A flaw was found in the nvme module in the Linux kernel. A NULL pointer dereference can be triggered due to improper error management when the blkmqinitqueue function fails to set up the queue, resulting in a denial of service...

kernel: md/raid0, raid10: Don't set discard sectors for request queue

In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use diskstacklimits to get a proper maxdiscardsectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational...

kernel: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtableoffload: fix using thiscpuadd in preemptible flowoffloadqueuework can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC there would cause a...

kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

kernel: net: stmmac: fix dma queue left shift overflow issue

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

kernel: block: Fix possible memory leak for rq_wb on add_disk failure

In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rqwb on adddisk failure kmemleak reported memory leaks in deviceadddisk: kmemleak: 3 new suspected memory leaks unreferenced object 0xffff88800f420800 size 512: comm "modprobe", pid 4275, jiffi...

kernel: driver core: fix deadlock in __device_attach

In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as follows: ... deviceattach devicelockdev // get lock dev asyncscheduledevdeviceattachasynchelper, dev; // func asyncschedulenode...

PT-2025-41059

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s block management queue blk-mq subsystem where a double queue rq call can occur due to early timeouts. This can be triggered in virtual machine use cas...

EasyTor 安全漏洞

EasyTor is a unique queue management system. A security vulnerability exists in EasyTor that originates from allowing authorization to be bypassed via an unspecified method...

Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target

Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs as most fuzzers do but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the...

CVE-2023-26285

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...

High Reentrancy Withdrawals can be frontrun

Lines of code Vulnerability details Impact A reentrancy attack on the withdrawal functions could allow an attacker to drain the contract of all funds by repeatedly calling the functions faster than transactions can complete. By calling completeQueuedWithdrawal and withdrawBeaconChainETH multiple...

Slashing can be frontrunned

Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...

Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false

Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSEDEIGENPODSVERIFYOVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

OPENSUSE-SU-2023:0101-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.6: fixes deterred spoofing attempts can lead to authoritative servers being marked unavailable boo1209897, CVE-2023-26437 Fixes in 4.6.5: When an expired NSEC3 entry is seen, move it to the front of the...

CVE-2023-1090

CVE-2023-1090 affects the WordPress plugin SMTP Mailing Queue, where versions before 2.0.1 fail to sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admin) even if unfiltered_html is disallowed (multisite). Impact is described as Stored XSS with potential user i...