CVE-2026-53243

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: zynq – Prevent null pointer dereferencing caused by kmalloc failures The kmalloc function in zynqclksetup will return null if physical memory runs out. As a result, if we use snprintf to write data to a null address, a null...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007305 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynqclksetup...

CVE-2026-23071

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map-spinlockflags' was passed directly to 'hwspinlocktimeoutirqsave'. This creates a race condition where multiple contexts...

UBUNTU-CVE-2026-23071

In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map-spinlockflags' was passed directly to 'hwspinlocktimeoutirqsave'. This creates a race condition where multiple contexts...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27037)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27037 advisory. - In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer...

EUVD-2017-18601

Malware in sbrugna...

EUVD-2020-27269

Malware in sbrugna...

EUVD-2025-14103

Malicious code in bioql PyPI...

EUVD-2025-11218

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-47540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the...

CVE-2024-47017

In ufshcscsicmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

Alibaba Cloud Linux 3 : 0282: gstreamer1-plugins-good (ALINUX3-SA-2024:0282)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0282 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47537: GStreamer is a library for...

CVE-2025-37887 pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result

In the Linux kernel, the following vulnerability has been resolved: pdscore: handle unsupported PDSCORECMDFWCONTROL result If the FW doesn't support the PDSCORECMDFWCONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink...

DEBIAN-CVE-2024-47540

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...

CVE-2024-47540 GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...

CVE-2024-47017

CVE-2024-47017 affects the ufshc_scsi_cmd function in ufs.c, with a stack variable use-after-free leading to local escalation of privilege. The vulnerability description across Red Hat, NVD, CVE lists, and OSV entries consistently state that no further user interaction is required, and exploitati...