vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

Summary Users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. Details T...

UBUNTU-CVE-2025-68807

In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbtenabledefault and IO submission When wbtenabledefault is moved out of queue freezing in elevatorchange, it can cause the wbt inflight counter to become negative -1, leading to hung tasks in the writebac...

EUVD-2026-1874

RustCrypto Has Insufficient Length Validation in decrypt in SM2-PKE...

CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

CVE-2021-33654

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception...

CVE-2024-34478

btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of...

CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

CVE-2023-54278 s390/vmem: split pages when debug pagealloc is enabled

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

CVE-2023-54278

In the Linux kernel, the following vulnerability has been resolved: s390/vmem: split pages when debug pagealloc is enabled Since commit bb1520d581a3 "s390/mm: start kernel with DAT enabled" the kernel crashes early during boot when debug pagealloc is enabled: mem auto-init: stack:off, heap...

SUSE CVE-2023-54123

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

CVE-2023-54123

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

CVE-2023-54121

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...

CVE-2023-54123

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

CVE-2023-54121

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...

UBUNTU-CVE-2023-54123

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

UBUNTU-CVE-2023-54121

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...

CVE-2023-54123 md/raid10: fix memleak for 'conf->bio_split'

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

CVE-2023-54123

The CVE-2023-54123 issue is in the Linux kernel md/raid10 path where, in the error path of raid10_run(), conf is freed but conf->bio_split is not, causing a memory leak. The root cause was that memory allocated for conf->bio_split was not freed in all error-handling paths; three exit points...

CVE-2023-54123 md/raid10: fix memleak for 'conf->bio_split'

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf-biosplit' In the error path of raid10run, 'conf' need be freed, however, 'conf-biosplit' is missed and memory will be leaked. Since there are 3 places to free 'conf', factor out a helper to fix th...

CVE-2023-54121

CVE-2023-54121 concerns the Linux kernel and specifically the btrfs extent map handling. The issue arises in btrfs_drop_extent_map_range when skip_pinned is true; the code incorrectly updates length and start while skipping a pinned extent, causing the computed end (len) to be too large and later...