DEBIAN-CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

UBUNTU-CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

CVE-2025-39704

CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...

CVE-2025-39704 LoongArch: KVM: Fix stack protector issue in send_ipi_data()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

CVE-2025-39704 LoongArch: KVM: Fix stack protector issue in send_ipi_data()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack protection issue in the LoongArch/KVM module in sendipidata...

PT-2025-36298

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc1+ 102 Description: A stack buffer overflow issue exists in the send ipi data function within the Linux kernel, specifically related to the LoongArch architecture and KVM functionality. The kvm io bus...

CVE-2025-48539

In SendPacketToPeer of aclarbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48539

In SendPacketToPeer of aclarbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48539

CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...

CVE-2025-48539

In SendPacketToPeer of aclarbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-21029

CVE-2025-21029 concerns Samsung Mobile/Samsung System UI prior to SMR Sep-2025 Release 1. The issue is described as improper handling of insufficient permissions in System UI, enabling local attackers to send arbitrary replies to messages from the cover display. Connected sources confirm affected...

PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking

Summary A denial-of-service / out-of-memory vulnerability exists in the STATUSSENDPACKS handling of ResourcePackClientResponsePacket. PocketMine-MP processes the packIds array without verifying that all entries are unique. A malicious non-standard Bedrock client can send multiple duplicate valid...

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

Linux Distros Unpatched Vulnerability : CVE-2021-41456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmxnhml.c:1004 in the nhmldmxsendsample function szXmlTo parameter which leads to a denial of...

Linux Distros Unpatched Vulnerability : CVE-2017-16667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of...

Google Android Memory Misreference Vulnerability (CNVD-2025-19922)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a memory misreference vulnerability that stems from a mix-up in the bneputils.cc instruction bnepuchecksendpacket responsible for freeing memory, which can be exploited by an attacker to elevate...

PT-2025-44139

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the tty subsystem, specifically in the n gsm component. The issue arises from the potential to block the input queue while waiting for a Modem...

CVE-2025-22409

In rfcsendbufuih of rfctsframes.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22408

In rfcchecksendcmd of rfcutils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...