Unity Linux 20.1070a Security Update: kernel (UTSA-2025-384653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-384653 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca usb: musb: sunxi:...

PT-2025-34433

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists due to an unstable dma buf field within the drm gem object structure in the Linux kernel. The field can become NULL when user space releases the final GEM handle on the...

DEBIAN-CVE-2025-22072

In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "POWERPC spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets...

CVE-2024-49980 vrf: revert "vrf: Remove unnecessary RCU-bh critical section"

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. devqueuexmit has the following: / Disable soft...

CVE-2023-52658

In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash...

CVE-2023-52564

In the Linux kernel, the following vulnerability has been resolved: Revert "tty: ngsm: fix UAF in gsmcleanupmux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsmcleanupmux tries to free up the virtual ttys by...

CVE-2024-26604

In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the root cause can be found...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Core function of Ocean contract like doInteraction | doMultipleInteractions | forwardedDoInteraction may revert under certain conditions

Lines of code Vulnerability details Impact Core functions like doInteraction, forwardedDoInteraction, doMultipleInteractions, forwardedDoMultipleInteractions etc, will always revert under certain conditions due to overflow in calculations. Proof of Concept Core external functions like doInteracti...

token.transferFrom signaling failure by returning false may allow for funds to be stolen

Lines of code Vulnerability details Impact ERC20MultiDelegate is expected to work with any ERC20-compliant tokens as long as they provide the same functionality and interface as ERC20Votes from OpenZeppelin. This makes it possible for ERC20MultiDelegate to work with a token that signals...

Insufficient input validation can lead to loss of funds

Lines of code Vulnerability details Impact The VaultBooster.sol contract allows someone to liquidate tokens for a vault and improve the vault's chance of winning. The prizePool.prizeToken is set in the constructor and liquidationPair set in the setBoost function. However, the external deposit...

The FollowNFT.initialize() function will never be executed

Lines of code Vulnerability details Impact This function Initializes the follow NFT. To check if a function has already been initialized use: if initialized revert Errors.Initialized; This condition will always end with revert Errors.Initialized, because in the constructor, when expanding the...

Permit does not revert for tokens that do not implement it.

Lines of code Vulnerability details Impact Callers should not rely on permit to revert for arbitrary tokens especially if permit is used as a security check. Tokens which do not revert on permit either do not implement it or have a non-reverting fallback function. Most notable among them is WETH...

refPerTok() for one asset might revert and break the protocol

Lines of code Vulnerability details Impact It turns out that function refPerTok might revert for some assets. For example for CTokenFiatCollateral an external call might revert. As a result refPerTok also reverts. Function refPerTok is called in a loop for all assets inside...

GSD-2023-1000254 net/mlx5e: Fix use-after-free when reverting termination table

net/mlx5e: Fix use-after-free when reverting termination table This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.158 by commit...

GSD-2023-1000182 net/mlx5e: Fix use-after-free when reverting termination table

net/mlx5e: Fix use-after-free when reverting termination table This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.82 by commit...

GSD-2023-1000094 net/mlx5e: Fix use-after-free when reverting termination table

net/mlx5e: Fix use-after-free when reverting termination table This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...

Users can get free collateral when using non-reverting on failure baseTokens

Lines of code Vulnerability details Impact A user calling Collateral's deposit function when baseToken is a non-reverting on failure ERC20 token, can get an arbitrary amount of collateral without actually depositing a single base token in the contract. function depositaddress recipient, uint256...

Attacker can make any function that relies on _satisfiesScoreRequirement reverts

Lines of code Vulnerability details Impact The NFTScoreRequirement contract have a function that checks the user score which diff it with the requiredScore variable, if it's higher then the function will continues, however the function that sets the requiredScore variable is made public with no...

Calculating project cost is vulnerable to reaching block gas-limit

Lines of code Vulnerability details Impact The function Project.projectCost calculates the project costs by calculating the sum of all project task costs. However, due to the unbound for loop, iterating over a potentially large amount of project tasks, this function can potentially DoS due to...