52 matches found
K000161578: Linux kernel vulnerability CVE-2025-38085
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table...
RHCOS 4 : OpenShift Container Platform 4.5.20 packages and golang (RHSA-2020:5119)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5119 advisory. - golang: data race in certain net/http servers including ReverseProxy can lead to DoS CVE-2020-15586 - golang: ReadUvarint and...
Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during requeue-...
Google Chrome < 144.0.7559.96 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 144.0.7559.96. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop20 advisory. - Race in V8. CVE-2026-1220 Note that Nessus has not tested for this issue but has...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2020-942:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-942:01 advisory. golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash CVE-2020-14040 golang: data race in certain net/ht...
Fedora 43 : cef (2025-6e776254bf)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e776254bf advisory. Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 rhbz2423482 High CVE-2025-14765: Use after free in WebGPU High CVE-2025-14766: Out of boun...
Linux Distros Unpatched Vulnerability : CVE-2025-40341
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access...
EUVD-2024-51796
Malicious code in bioql PyPI...
CVE-2025-21998
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...
CVE-2022-49443
In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep-rdllist eppoll first calls epeventsavailable with no lock held and checks if ep-rdllist is empty by listemptycareful, which reads rdllist-prev. Thus all accesses to it need some protection to avoid...
CVE-2024-50174 drm/panthor: Fix race when converting group handle to group object
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal array when entries are being simultaneously added and removed. However there is still a race...
CVE-2022-49001
In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the getoverflowstack to get the overflow stack...
CVE-2024-47741 btrfs: fix race setting file private on concurrent lseek using same fd
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek2 system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window...
CVE-2024-47668
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in genradixptralloc If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated no...
CVE-2024-46850 drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn35setdrr is a member of this resource context. If dcstatedestruct is...
CVE-2024-42300
In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in zerofsgetgbuf In zerofsgetgbuf, the current task may be migrated to another CPU between zerofsgbufid and spinlock&gbuf-lock. Therefore, zerofsputgbuf will trigger the following issue which was found by stress...
CVE-2024-42300
The CVE concerns the Linux kernel’s erofs subsystem, specifically a race in z_erofs_get_gbuf() that can migrate the current task between z_erofs_gbuf_id() and spin_lock(&gbuf->lock). This race can cause z_erofs_put_gbuf() to trigger a kernel BUG in fs/erofs/zutil.c, as observed during stress t...
CVE-2024-42300 erofs: fix race in z_erofs_get_gbuf()
In the Linux kernel, the following vulnerability has been resolved: erofs: fix race in zerofsgetgbuf In zerofsgetgbuf, the current task may be migrated to another CPU between zerofsgbufid and spinlock&gbuf-lock. Therefore, zerofsputgbuf will trigger the following issue which was found by stress...
CVE-2024-6996
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-6778
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...