
7463 matches found

OSV
added 2025/10/15 8:15 a.m. | 2 views

AZL-68483 CVE-2025-39972 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map. Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map...

5.6 AI score | 0.00063 EPSS
Exploits: 0 | References: 1
OSV
added 2025/10/15 8:15 a.m. | 2 views

UBUNTU-CVE-2025-39972

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map. Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map...

6.6 AI score | 0.00063 EPSS
Exploits: 0 | References: 35
OSV
added 2025/10/15 8:15 a.m. | 1 views

UBUNTU-CVE-2025-39973

In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param. The ring_len parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introduce an upper boundary check f...

6.6 AI score | 0.00063 EPSS
Exploits: 0 | References: 35
CVE
added 2025/10/15 7:58 a.m. | 7 views

CVE-2025-39999

The CVE-2025-39999 issue affects the Linux kernel’s blk-mq path, where tags growth via the sysfs nr_requests attribute can lead to a double free: hctx->sched_tags is freed while et->tags (the allocated tags) has already been freed, risking a kernel panic during elevator exit. The documented...

6 AI score | 0.00024 EPSS
Exploits: 0 | References: 3
Cvelist
added 2025/10/15 7:55 a.m. | 5 views

CVE-2025-39973 i40e: add validation for ring_len param

In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param. The ring_len parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introduce an upper boundary check f...

0.00063 EPSS
Exploits: 0 | References: 8
CVE
added 2025/10/15 7:55 a.m. | 25 views

CVE-2025-39973

CVE-2025-39973 is a Linux kernel vulnerability in the i40e driver where the VF-provided ring_len was assigned to hardware context without validation. The fix adds upper-bound checks for Tx/Rx queue lengths (hardware supports 8k–32 descriptors) and enforces alignment: Tx rings must be multiples of...

6.1 AI score | 0.00063 EPSS
Exploits: 0 | References: 8
CVE
added 2025/10/15 7:55 a.m. | 15 views

CVE-2025-39972

CVE-2025-39972 affects the Linux kernel i40e driver. The vulnerability stems from insufficient idx validation in i40e_validate_queue_map(), where idx may reference vf->ch[idx] outside the range of active/initialized TCs, risking out-of-bounds access. The issue has been fixed in the upstream ke...

6.2 AI score | 0.00063 EPSS
Exploits: 0 | References: 8
Cvelist
added 2025/10/15 7:55 a.m. | 6 views

CVE-2025-39972 i40e: fix idx validation in i40e_validate_queue_map

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map. Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map...

0.00063 EPSS
Exploits: 0 | References: 8
OSV
added 2025/10/15 7:55 a.m. | 2 views

CVE-2025-39972 i40e: fix idx validation in i40e_validate_queue_map

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map. Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map...

6.5 AI score | 0.00063 EPSS
Exploits: 0 | References: 11
EUVD
added 2025/10/15 1:22 a.m. | 3 views

EUVD-2023-59993

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...

9.3 CVSS | 7.9 AI score | 0.02451 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/15 12:00 a.m. | 3 views

PT-2025-42248

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The ring len parameter, received from a virtual function (VF), was directly assigned to the hardware memory context (HMC) without validation. This allowed for potential issues due to...

4 CVSS | 7.2 AI score | 0.00063 EPSS
Exploits: 0
RedHat Linux
added 2025/10/14 8:39 a.m. | 0 views

kernel: idpf: convert control queue mutex to a spinlock

In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock. With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: 324.701677 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578...

5.5 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits: 0 | References: 5
Snyk
added 2025/10/14 4:35 a.m. | 2 views

Malicious Package

Overview: private-callout-queue is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2
EUVD
added 2025/10/14 4:35 a.m. | 1 views

EUVD-2025-34135

Malicious code in private-callout-queue npm...

6.6 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/14 3:46 a.m. | 1 views

MAL-2025-48411 Malicious code in private-callout-queue (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7962ea070e8c6d0dc03b62736d3b83c52ac2367d2f5949252c86fa295aac63b2 Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/10/14 3:46 a.m. | 2 views

Malicious code in private-callout-queue (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7962ea070e8c6d0dc03b62736d3b83c52ac2367d2f5949252c86fa295aac63b2 Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/13 7:04 a.m. | 1 views

SUSE-SU-2025:03578-1 Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024161 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). -...

7.8 CVSS | 7.8 AI score | 0.00049 EPSS
Exploits: 0 | References: 7
OSV
added 2025/10/12 4:33 a.m. | 0 views

SUSE-SU-2025:03563-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out (bsc#1240744). - CVE-2025-38089: sunrpc: hand...

7.8 CVSS | 6.6 AI score | 0.0005 EPSS
Exploits: 2 | References: 7
OSV
added 2025/10/12 1:04 a.m. | 1 views

SUSE-SU-2025:03559-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005597 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). -...

7.8 CVSS | 6.7 AI score | 0.00049 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2025/10/12 12:00 a.m. | 3 views

PT-2025-41731

Name of the Vulnerable Software and Affected Versions: Tomofun Furbo 360 versions prior to FB0035 FW 036; Tomofun Furbo Mini versions prior to MC0020 FW 074. Description: A security flaw exists in Tomofun Furbo 360 and Furbo Mini devices. The issue involves manipulation of the file /squashfs-root/fur...

6.3 CVSS | 4.4 AI score | 0.00056 EPSS
Exploits: 0 | References: 7