CLSA-2026-1775657929 kernel: Fix of 9 CVEs

ovl: Filter invalid inodes with missing lookup function CVE-2024-56570 - ALSA: aloop: Fix racy access at PCM trigger CVE-2026-23191 - media: imon: reorganize serialization CVE-2025-39993 - usb: xhci: Fix inverted ringxrunevent check in handletxevent CVE-2025-37882 - Revert "VFS: Impose ordering...

CLSA-2026-1775657177 kernel: Fix of 9 CVEs

ovl: Filter invalid inodes with missing lookup function CVE-2024-56570 - ALSA: aloop: Fix racy access at PCM trigger CVE-2026-23191 - media: imon: reorganize serialization CVE-2025-39993 - usb: xhci: Fix inverted ringxrunevent check in handletxevent CVE-2025-37882 - Revert "VFS: Impose ordering...

CLSA-2026-1775655363 kernel: Fix of 9 CVEs

ovl: Filter invalid inodes with missing lookup function CVE-2024-56570 - ALSA: aloop: Fix racy access at PCM trigger CVE-2026-23191 - media: imon: reorganize serialization CVE-2025-39993 - usb: xhci: Fix inverted ringxrunevent check in handletxevent CVE-2025-37882 - Revert "VFS: Impose ordering...

Unbreakable Enterprise kernel security update

5.4.17-2136.353.3 - xfrm: flush all states in xfrmstatefini Sabrina Dubroca Orabug: 38934000 - xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added Sabrina Dubroca Orabug: 38934000 - Revert 'xfrm: destroy xfrmstate synchronously on net exit path' Sabrina Dubroca...

Unlearning at Scale: Implementing the Right to Be Forgotten in Large Language Models

We study the right to be forgotten GDPR Art. 17 for large language models and frame unlearning as a reproducible systems problem. Our approach treats training as a deterministic program and logs a minimal per-microbatch record ordered ID hash, RNG seed, learning-rate value, optimizer-step counter...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the improper handling of gas limits in precompile executions. An attacker can manipulate the state of the blockchain by causing certain functions to execute with insufficient gas, leading to incomplete...

accrueTokens will revert if any rebase tokens are used

Lines of code Vulnerability details Impact In PrimeLiquidityProvider.sol:accrueTokens we get the current balance of the passed token. If the token is any rebase token AMPL, stETH, RMPL and the current balance has become lower than tokenAmountAccruedtoken, the function will revert. This will lead ...

Missing balance checks in _reserveTokenSpecified()

Lines of code Vulnerability details Impact There is a missing balance check in reserveTokenSpecified, which allows reserve tokens to be withdrawn or deposited into illegal balances, which may cause subsequent transactions to revert. It also allows the pool to be killed by withdrawing all balances...

M-02 Unmitigated

Lines of code Vulnerability details Comments In the previous implementation a malicious user could set arbitrary vault hooks for afterClaimPrize and beforeClaimPrize that could be used to gas grief the claimer or cause other claims in the same call to fail by deliberately reverting Mitigation The...

All the lp tokens will be stuck in the AMO2 contract if CVXStaker.withdrawAllAndUnwrap is called with sendToOperator flag

Lines of code Vulnerability details Impact Loss all the stEth and xEth lp tokens. Proof of Concept The CVXStaker.withdrawAllAndUnwrap can be called by the admin. And if the sendToOperator param is true, all the lp tokens of the CVXStaker contract include lp tokens staked in the CVX and left in th...

Upgraded Q -> 2 from #882 [1683052827510]

Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: changeFeeQuote reverts for tokens with decimals less than 4 --- The text was updated successfully, but these errors were encountered: All reactions...

All Transfer Hooks have incomplete checks which might lead to transactions reverting

Lines of code Vulnerability details Impact Due to not checking that the ids array and amounts array are same , if given the two arraya of non-equal length it might lead to incorrect token transfers and unwanted transaction reverts. Proof of Concept According to the EIP specification the ids array...

sellQuote might lead to unexpected reverts when returning zero

Lines of code Vulnerability details Impact the implementation of sellQuote follows the logic of getAmountOut from Uniswap V2 Library. However it doesn't add +1 as the original implementation, this could make the function return zero and lead to reverts. Proof of Concept Tools Used Manual review...

ERC20 approvals may need to be set to 0 beforehand

Lines of code Vulnerability details Impact There are some instances where there is an ERC20 approval for a max uint256 amount. ERC20 tokens such as USDT require the address allowance to be set to 0 beforehand, so this would cause reverts for those tokens. Proof of Concept -Token such as USDT gets...

Function fulfillRandomWords in VRFNFTRandomDraw contract must not revert

Lines of code Vulnerability details The VRFNFTRandomDraw contract implements the Chainlink VFR feature to pull random data to select the raffle winner. As per their security guidelines the implementation of the fulfillRandomWords function must not revert. Impact If the fulfillRandomWords function...

CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)

Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes o...

RewardHandler.burnFees() will work only once and revert after that if burnedAmount is different.

Lines of code Vulnerability details Impact RewardHandler.burnFees will work only once and revert after that if burnedAmount is different. Proof of Concept OpenZeppelin’s safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value. Tools Used...

totalSupply will revert

Lines of code Vulnerability details Impact The line for uint256 i = epochindex - 1; i + 1 != 0; i-- relies on uint256 underflow and overflow, which would revert in solidity ^0.8.0 Proof of Concept function totalSupply external view returns uint256 supply uint256 currentEpoch =...

Deprecated safeApprove() function

Originally submitted by warden Dravee in 146, duplicate of 178 related to the use of safeApprove. This is upgraded from a QA report to standalone issue because it correctly described the revert when trying to call safeApprove on non-zero allowance. QA report that only describe safeApprove as...