954 matches found
PT-2025-26000 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the apparmor module. The issue occurs when the copy from user function fails, causing a memory leak due to...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to devicerelease in /drivers/base/core.c, a device without a release function is a broken device and must be fixed. The current code directly frees the device after calli...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdfreeworkstruct -interimentry of ksmbdwork could be deleted after oplock is freed. We don't need to manage it with linked list. The interim request could be immediately sent whenever a oplock brea...
CVE-2023-28448
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...
Malicious code in struct-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 003b22b8443887007116728f7f9a376db94e966dfeafcd33be4bc445e10bffc2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-37900
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommucopystructfromuser In the review for iommucopystructtouser helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it:...
DEBIAN-CVE-2025-37972
In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtkpmickeysprobe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will...
UBUNTU-CVE-2025-37972
In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtkpmickeysprobe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will...
UBUNTU-CVE-2025-37900
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommucopystructfromuser In the review for iommucopystructtouser helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it:...
CVE-2025-37900 iommu: Fix two issues in iommu_copy_struct_from_user()
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommucopystructfromuser In the review for iommucopystructtouser helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it:...
CVE-2025-37886
In the Linux kernel, the following vulnerability has been resolved: pdscore: make waitcontext part of qinfo Make the waitcontext a full part of the qinfo struct rather than a stack variable that goes away after pdscadminqpost is done so that the context is still available after the wait loop has...
CVE-2025-37840
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitialized struct nandoperation that checks chip select field : WARNONop-cs = nanddevntargets&chip-base 14.588522 ----------...
CVE-2025-37886 pds_core: make wait_context part of q_info
In the Linux kernel, the following vulnerability has been resolved: pdscore: make waitcontext part of qinfo Make the waitcontext a full part of the qinfo struct rather than a stack variable that goes away after pdscadminqpost is done so that the context is still available after the wait loop has...
CVE-2025-37840
CVE-2025-37840 concerns the Linux kernel MTD NAND code, specifically brcmnand, where a PM-resume path could trigger a WARN due to an uninitialized nand_operation that checks the chip select. The connected advisories confirm this as a fix: during platform suspend/resume, the code now calls a highe...
DEBIAN-CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid countedby use gcc 15 honors the countedbylen attribute on vsctppacket.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
CVE-2025-37805
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
CVE-2025-37805 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...
PT-2025-20334
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability has been resolved in the Linux kernel related to the sound/virtio module. The issue arises when the virtsnd probe function triggers an error path, leading to a call to...
ksmbd: fix use-after-free in ksmbd_free_work_struct
...
CVE-2023-53136
In the Linux kernel, the following vulnerability has been resolved: afunix: fix struct pid leaks in OOB support syzbot reported struct pid leak 1. Issue is that queueoob calls maybeaddcreds which potentially holds a reference on a pid. But skb-destructor is not set either directly or by calling...