Azure Linux 3.0 Security Update: kernel (CVE-2025-38115)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38115 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash ...

CVE-2026-22976 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CLSA-2026-1768824748 kernel: Fix of 7 CVEs

fs/proc: fix uaf in procreaddirde CVE-2025-40271 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-2978 - Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 - ALSA: usb-audio: Fix size...

CVE-2025-71073

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbdinterrupt schedules lk-tq via schedulework, and the work handler lkkbdreinit dereferences the lkkbd structure and its serio/inputdev fields. lkkbddisconnect and error...

CVE-2026-22535

CVE-2026-22535 concerns an attacker with network access and valid credentials who can write to the server topics that control MQTT communications due to unencrypted MQTT protocol. The issue is described across multiple feeds (Red Hat, NVD, CIRCL, CVE lists, EUVD/ENISA, CNNVD, etc.) as a vulnerabi...

PT-2026-4661

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking scheduler, specifically within the sch qfq Stochastic Fairness Queueing component. The qfq change class function contains an error that can...

PT-2026-27705

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the networking subsystem related to traffic queue management. Specifically, a race condition can occur between qdisc reset all tx gt and the dequeue...

CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

sch_hfsc: make hfsc_qlen_notify() idempotent

...

December 18, 2025—KB5074979 (Monthly Rollup) Out-of-band

December 18, 2025—KB5074979 Monthly Rollup Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices fo...

December 18, 2025—KB5074977 (Monthly Rollup) Out-of-band

December 18, 2025—KB5074977 Monthly Rollup Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices fo...

Man-In-The-Middle (MITM) Attack

MQTT is vulnerable to a Man-in-the-Middle MITM attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...

CVE-2025-62455

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

CVE-2025-62455

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

CVE-2025-62455

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

...

CVE-2025-62455

CVE-2025-62455 relates to an Elevation of Privilege in Windows Message Queuing (MSMQ). The initial description cites improper input validation in MSMQ that could allow an authorized local attacker to elevate privileges. Connected documents corroborate MSMQ as the affected component and reference ...

EUVD-2025-202231

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally...

CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

...