AZL-67526 CVE-2025-39845 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernelmappings Define ARCHPAGETABLESYNCMASK and archsynckernelmappings to ensure page tables are properly synchronized when calling pdpopulatekernel. For 5-level paging,...

AZL-67557 CVE-2025-39844 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...

AZL-74832 CVE-2025-39844 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...

AZL-74835 CVE-2025-39845 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernelmappings Define ARCHPAGETABLESYNCMASK and archsynckernelmappings to ensure page tables are properly synchronized when calling pdpopulatekernel. For 5-level paging,...

UBUNTU-CVE-2025-39844

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...

UBUNTU-CVE-2025-39859

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptpocpwatchdog The ptpocpdetach only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timerdeletesync is not called. This leads to...

CVE-2025-39859

CVE-2025-39859 : In the Linux kernel, a race condition can cause a use-after-free when the timer watchdog used by ptp_ocp_watchdog is running during devlink deallocation. The flaw occurs because ptp_ocp_detach() only cancels the watchdog if it is pending; if the timer handler is active, timer_del...

CVE-2025-39857 net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...

CVE-2025-39857

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...

CVE-2025-39857 net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...

CVE-2025-39845

CVE-2025-39845 : In the Linux kernel, the patch defines ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page-table synchronization when calling p*d_populate_kernel(). For 5-level paging, synchronization uses pgd_populate_kernel(); for 4-level paging, pgd_populate() is a no-op ...

CVE-2025-39844 mm: move page table sync declarations to linux/pgtable.h

In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...

CVE-2025-9891

The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...

PT-2025-38551

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to page table synchronization during vmemmap initialization. Specifically, the optimized path within vmemmap populate compound pages skips...

CVE-2025-56869

CVE-2025-56869 describes a directory traversal vulnerability in the Sync In server (up to version 1.1.1). The issue affects the files-management code paths: FilesManager.saveMultipart and FilesManager.compress in backend/src/applications/files/services/files-manager.service.ts, enabling authentic...

PT-2025-38583

Name of the Vulnerable Software and Affected Versions Sync In versions through 1.1.1 Description A directory traversal issue exists in Sync In server. Authenticated attackers can achieve read and write access to the system through the FilesManager.saveMultipart function located in...

Sync in 安全漏洞

Sync in is a server synchronization platform from Sync-in open source. A security vulnerability exists in Sync in 1.1.1 and earlier versions, which stems from a directory traversal issue in the FilesManager.saveMultipart and FilesManager.compress functions that could allow an authenticated attack...

CVE-2025-56869

Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...

CVE-2023-53380

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...

CVE-2023-53421 blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats When blkgalloc is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper...