EUVD-2023-60357

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queuelock when removing blkg-qnode When blkg is removed from q-blkglist from blkgfreeworkfn, queuelock has to be held, otherwise, all kinds of bugslist corruption, hard lockup, .. can be triggered from...

@actbase/react-native-kakao-channel contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

02-echo contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/react-native-less-transformer contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

@actbase/native contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

kernel: sch_hfsc: make hfsc_qlen_notify() idempotent

In the Linux kernel, the following vulnerability has been resolved: schhfsc: make hfscqlennotify idempotent hfscqlennotify is not idempotent either and not friendly to its callers, like fqcodeldequeue. Let's make it idempotent to ease qdisctreereducebacklog callers' life: 1. updatevf decreases...

PT-2025-37972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained an issue in the networking component net: rose related to reference counting of rose neigh structures. The implementation maintained separate reference counts ...

PT-2022-9122 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a use after free bug in the dllist remove node function due to a race condition. This could lead to local escalation of privilege with no additional execution...

Google Pixel 资源管理错误漏洞

Google Pixel is a smartphone from the U.S. company Google Google. Google Pixel has a security vulnerability that stems from a use-after-release flaw in the dllistremovenode in TBD caused by a competing condition, which can be exploited by local attackers to escalate privileges...