The vulnerability of the recvSlaveUpgstatus() function in the MQTT service of the TOTOLink T6 microprogramming system allows a attacker to execute arbitrary code.

The vulnerability of the recvSlaveUpgstatus function in the MQTT service of the TOTOLink T6 mesh-system’s micro-programming system is related to the issue of operations going out of the buffer in memory when processing the parameter s. Exploiting this vulnerability allows a malicious actor to...

CVE-2025-7913

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit ha...

AZL-72593 CVE-2025-38350 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

...

net_sched: qfq: Fix double list add in class with netem as child qdisc

...

UBUNTU-CVE-2025-38193

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: reject invalid perturb period Gerrard Tai reported that SFQ perturbperiod has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to make sure ctl-perturbperio...

K000152389: golang: net/http, x/net/http2 vulnerability CVE-2023-39325

Security Advisory Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allo...

CVE-2025-38115

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash on gsoskb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch-q.len can be inflated by packets in sch-gsoskb, and an...

PT-2025-30120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the networking scheduler where certain classful qdiscs may unexpectedly empty a child qdisc, leading to a use-after-free condition. This can occur whe...

SUSE-SU-2025:02075-1 Security update for the Linux Kernel (Live Patch 59 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122225 fixes several issues. The following security issues were fixed: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...

CVE-2022-50070

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...

DEBIAN-CVE-2022-49958

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attachdefaultqdiscs In attachdefaultqdiscs, if a dev has multiple queues and queue 0 fails to attach qdisc because there is no memory in attachonedefaultqdisc. Then dev-qdisc will be...

UBUNTU-CVE-2022-50070

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/afinet.c:153 inetsockdestruct+0x6d0/0x8e0 net/ipv4/afinet.c:153 Modules linked in: uioivshmemOE ui...

CVE-2022-50070

CVE-2022-50070 affects the Linux kernel and relates to the mptcp datapath: a transmit could race with mptcp_close(), causing a closed subflow (ssk) to be re-transmitted. The root cause is a subflow-state check performed before acquiring the socket lock, enabling re-transmission on an already clos...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from MPTCP queuing data even after shutting down a subflow resulting in post-release reuse...

Security update for the Linux Kernel (Live Patch 54 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059195 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-57996: netsched: schsfq: do not allow 1 packet limit bsc1239077. CVE-2022-49563: crypto: q...

Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024128 fixes several issues. The following security issues were fixed: CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238324. CVE-2024-57996: netsched: schsfq: do not allow 1 packet limit bsc1239077. Patch Instructions: To...

Sungrow iSolarCloud 安全漏洞

Sungrow iSolarCloud Sunshine Cloud is a software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...

UBUNTU-CVE-2025-38000

In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue When enqueuing the first packet to an HFSC class, hfscenqueue calls the child qdisc's peek operation before incrementing sch-q.qlen and sch-qstats.backlog. If the...

DEBIAN-CVE-2025-37992

In the Linux kernel, the following vulnerability has been resolved: netsched: Flush gsoskb list too during -change Previously, when reducing a qdisc's limit via the -change operation, only the main skb queue was trimmed, potentially leaving packets in the gsoskb list. This could result in NULL...