3197 matches found

Vulnrichment
added 2025/09/18 1:33 p.m., 3 views

CVE-2023-53373 crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

AI score 6.1, EPSS 0.00022
Exploits 0, References 8

CVE
added 2025/09/18 1:33 p.m., 26 views

CVE-2023-53373

CVE-2023-53373 in the Linux kernel affects the crypto/seqiv path. The vulnerability arises because seqiv only handles EINPROGRESS and does not account for EBUSY, risking a use-after-free for backlogged requests. The fix is to treat EBUSY the same as EINPROGRESS, preventing premature data free on ...

CVSS 7.8, AI score 6.1, EPSS 0.00022
Exploits 0, References 8, Affected Software 1

CVE
added 2025/09/18 1:33 p.m., 20 views

CVE-2022-50378

CVE-2022-50378 is a Linux kernel issue in the DRM Meson driver where unloading the driver could trigger a use-after-free (observed as a KASAN warning on __list_del_entry_valid). The description attributes the bug to the driver deinit sequence and notes that a reorder of the deinitialization steps...

CVSS 7.8, AI score 6.1, EPSS 0.00022
Exploits 0, References 4, Affected Software 1

OSV
added 2025/09/18 1:33 p.m., 3 views

CVE-2022-50378 drm/meson: reorder driver deinit sequence to fix use-after-free bug

In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: +0.006275 ============================================================= +0.000029 BUG: KASAN:...

CVSS 7.8, AI score 6.2, EPSS 0.00022
Exploits 0, References 7

Positive Technologies
added 2025/09/18 12:0 a.m., 3 views

PT-2025-38328

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A null dereference issue was resolved in the Linux kernel related to the /proc/pid/smaps rollup functionality. The issue was introduced by commit 258f669e7e88, which converted the...

CVSS 5.5, AI score 5.5, EPSS 0.00021
Exploits 0, References 20

SUSE CVE
added 2025/09/16 11:29 p.m., 1 view

SUSE CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 5.5, AI score 6.6, EPSS 0.00022
Exploits 0, References 22

RedhatCVE
added 2025/09/16 5:39 p.m., 2 views

CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 5.5, AI score 5.9, EPSS 0.00022
Exploits 0, References 4

NVD
added 2025/09/16 5:15 p.m., 1 view

CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 7.1, EPSS 0.00022
Exploits 0, References 7

OSV
added 2025/09/16 5:15 p.m., 0 views

UBUNTU-CVE-2023-53333

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 7.1, AI score 6, EPSS 0.00022
Exploits 0, References 10

Cvelist
added 2025/09/16 4:12 p.m., 4 views

CVE-2023-53333 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

EPSS 0.00022
Exploits 0, References 7

OSV
added 2025/09/16 4:12 p.m., 2 views

CVE-2023-53333 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one. Eric Dumazet says: nf_conntrack_dccp_packet() has an unique: dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); And nothing more is 'pulled' from the...

CVSS 7.1, AI score 5, EPSS 0.00022
Exploits 0, References 10

OSSF Malicious Packages
added 2025/09/16 4:13 a.m., 3 views

Malicious code in @teselagen/sequence-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a11d947c98673c88f928f02f1c998436f5b00cafcbb36643500a2d0858b8aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 6

OSV
added 2025/09/16 4:13 a.m., 1 view

MAL-2025-47279 Malicious code in @teselagen/sequence-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a11d947c98673c88f928f02f1c998436f5b00cafcbb36643500a2d0858b8aba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 6

Tenable Nessus
added 2025/09/16 12:0 a.m., 4 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2144)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave). (CVE-2022-49557) A cross-privilege Spectre v2 vulnerability allows attackers...

CVSS 7.8, AI score 7.8, EPSS 0.00126
Exploits 0, References 24

Tenable Nessus
added 2025/09/16 12:0 a.m., 2 views

EulerOS Virtualization 2.13.1 : nss (EulerOS-SA-2025-2176)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash...

CVSS 6.5, AI score 7.8, EPSS 0.00335
Exploits 0, References 2

OSV
added 2025/09/15 2:15 p.m., 3 views

DEBIAN-CVE-2023-53167

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix null pointer dereference in tracing_err_log_open(). Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data'...

CVSS 5.5, AI score 5.3, EPSS 0.00025
Exploits 0, References 1

CVE
added 2025/09/15 2:3 p.m., 13 views

CVE-2023-53167

CVE-2023-53167: In the Linux kernel, tracing_err_log_open() can dereference file->private_data if opened with write permissions and then lseek is used, causing a kernel panic via mutex_lock -> seq_lseek. A fix was applied to tracing: Fix null pointer dereference in tracing_err_log_open() fo...

CVSS 5.5, AI score 6.1, EPSS 0.00025
Exploits 0, References 6, Affected Software 1

OSV
added 2025/09/15 1:15 p.m., 0 views

UBUNTU-CVE-2025-39801

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts. This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints...

CVSS 5.5, AI score 5.9, EPSS 0.0002
Exploits 0, References 34

vulnersOsv
added 2025/09/15 7:39 a.m., 8 views

@teselagen/bio-parsers (>=0.1.24 <=0.4.32), @teselagen/ove (>=0.0.18 <=0.8.24) +3 more potentially affected by unknown CVE via @teselagen/range-utils (>=0.1.18 <=0.3.14-beta.3)

@teselagen/range-utils NPM version =0.1.18, =0.1.24, =0.0.18, =0.1.19, =18.2.35, =18.3.6, =18.3.24 Source cves: unknown CVE Source advisory: SNYK:JS-TESELAGENRANGEUTILS-12744521...

AI score 5.8
Exploits 0

Snyk
added 2025/09/15 7:39 a.m., 2 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

CVSS 9.8, AI score 7
Exploits 0, References 2