37 matches found
CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fixing the issue of accessing a released USB PHY. The commit 6ed05c68cbca “usb: musb: sunxi: Explicitly releasing the USB PHY upon exit” causes the USB PHY @glue->xceiv to be accessed after it has been released...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: fix runtime PM underflow The commit dbad41e7bb5f “dmaengine: qcom: bam_dma: check if the runtime pm enabled” caused unbalanced pm_runtime_get/put calls when the bam was controlled remotely. This commit rever...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: In usbnet, there is a flaw where unregister_netdev is called before unbind. The commit with the commit ID 2c9d6c2b871d “usbnet: run unbind before unregister_netdev” was intended to fix a use-after-free issue when disconnecting USB...
Cross-site Scripting (XSS)
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...
CVE-2025-68818
In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to qla2x00_abort_all_cmds to call sp->done without...
EUVD-2023-60422
In the Linux kernel, the following vulnerability has been resolved: Revert "IB/isert: Fix incorrect release of isert connection" Commit: 699826f4e30a "IB/isert: Fix incorrect release of isert connection" is causing problems on OPA when DEVICE_REMOVAL is happening. ------------ cut here -----------...
CVE-2023-54217
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0. A recent patch that tried to fix up the msm_drm_init paths with respect to the workqueue but on...
CVE-2023-54217 Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue"
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/msm: Add missing check and destroy for alloc_ordered_workqueue" This reverts commit 643b7d0869cc7f1f7a5ac7ca6bd25d88f54e31d0. A recent patch that tried to fix up the msm_drm_init paths with respect to the workqueue but on...
CVE-2025-40108
CVE-2025-40108 concerns the Linux kernel’s serial driver for Qualcomm GenI (qcom-geni). The issue manifested as a hang of a worker task (kworker) on Qualcomm RB1/QRB2210 during normal boot when PM runtime support was enabled by commits enabling PM runtime for the serial driver. The regression was...
EUVD-2023-59999
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAX_LEN + 1. If a string is actually MAX_LEN + 1 length, this wil...
EUVD-2024-53769
Malicious code in bioql PyPI...
EUVD-2025-22712
Malicious code in bioql PyPI...
CVE-2025-38672
CVE-2025-38672 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable over a GEM object’s lifetime, leading to NULL-pointer dereference when the final GEM handle is released. The fix reverts the earlier change by reverting drm/gem-dma: Use dma_buf from GEM ob...
DEBIAN-CVE-2022-49944
In the Linux kernel, the following vulnerability has been resolved: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors" The recent commit 87d0e2f41b8c "usb: typec: ucsi: add a common function ucsi_unregister_connectors" introduced a regression that caused NULL dereference at...
UBUNTU-CVE-2022-50217
In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now. If these pages are not flushed from fuse_release, then there might not be a writable open file later. So...
CVE-2025-21958 Revert "openvswitch: switch to per-action label counting in conntrack"
In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels is only called for confirmed conntrack entries (ct) within ovs_ct_commit. However, if the conntrack entry does not have the labels_ext...
SUSE CVE-2022-49648
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 "tracing: fix double free" said, the "double free" problem reported by clang static analyzer is: In...
CVE-2024-57952 Revert "libfs: fix infinite directory reads for offset dir"
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtree_alloc_cyclic stores the next offset value to return in octx->next_offset. This mechanism typically returns values that...
DEBIAN-CVE-2024-57839
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used wit...