7896 matches found
CVE-2022-50134 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...
CVE-2022-50134
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for uctxt-groups with hfi1allocctxtrcvgroups. When inituserctxt fails, uctxt-groups is not released, which will lead to a memory leak. W...
CVE-2022-50040
CVE-2022-50040 affects the Linux kernel internal DSA path for sja1105 (net: dsa: sja1105). The vulnerability is a buffer overflow caused when an error occurs in dsa_devlink_region_create(), leading to a negative index (-1) access of priv->regions. The issue has been fixed in the cited commits,...
CVE-2025-38007
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogicinputconfigured devmkasprintf returns NULL when memory allocation fails. Currently, uclogicinputconfigured does not check for this case, which results in a NULL pointer dereference. Add NULL...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the axonmsi driver not releasing a node reference in setupmsimsgaddress, which could lead to a reference cou...
PT-2025-35968
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the lpfc Low-Level Fibre Channel driver. A null pointer dereference may occur during the cleanup of the lpfc vport...
PT-2025-26060 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential memory leak has been identified in the setup base ctxt function. This issue arises when init user ctxt fails, causing the allocated memory for uctxt-groups to not be...
CLSA-2025-1750176020 kernel: Fix of 6 CVEs
pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 - xfs: add bounds checking to xlogrecoverprocessdata CVE-2024-41014 - netfilter: validate user input for expected length CVE-2024-35896 - nfs: fix UAF in direct writes CVE-2024-26958 - Squashfs: check the inode number is not the...
CLSA-2025-1750168919 kernel: Fix of 6 CVEs
pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 - xfs: add bounds checking to xlogrecoverprocessdata CVE-2024-41014 - netfilter: validate user input for expected length CVE-2024-35896 - nfs: fix UAF in direct writes CVE-2024-26958 - Squashfs: check the inode number is not the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the use-of-free issue in session logout. The sess-user object may currently be used by another thread. For example, if another connection sends a session setup request to make the session available for use. The handl...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fixed the issue of NULL pointer dereferencing during certain command aborts. If a command is queued into the final usable TRB of a ring segment, the enqueue pointer is advanced to the next link TRB and then stops there...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a null pointer dereference in allocpreauthhash. The client sends malformed SMB2 negotiate requests. ksmbd returns an error response. As a result, the client can still send SMB2 session setup requests even when...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
conda forge ci-setup 安全漏洞
conda forge ci-setup is an open source library from the conda forge community. A security vulnerability exists in conda forge ci-setup, which stems from the unsafe use of the eval function and could lead to arbitrary code execution...
PT-2025-25444 · Unknown · Conda-Forge-Ci-Setup
Name of the Vulnerable Software and Affected Versions: conda-forge-ci-setup versions prior to 4.15.0 Description: The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An...