
4619 matches found

CVE
added 2025/12/24 12:9 p.m., 14 views

CVE-2025-68748

CVE-2025-68748 concerns a Linux kernel UAF race in the DRM panthor component, where panthor_fw_unplug() frees FW memory while pending FW events may still be handled, leading to use-after-free. The fix, as described in the connected sources, is to call disable_work_sync() to drain and prevent furt...

AI score: 6, EPSS: 0.00171
Exploits: 0, References: 4
Cvelist
added 2025/12/24 12:9 p.m., 26 views

CVE-2025-68748 drm/panthor: Fix UAF race between device unplug and FW event processing

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing. The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

EPSS: 0.00171
Exploits: 0, References: 4
CNNVD
added 2025/12/24 12:0 a.m., 3 views

WordPress plugin Captivate Sync security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A security...

CVSS: 7.6, AI score: 7.6, EPSS: 0.00285
Exploits: 0, References: 1
Positive Technologies
added 2025/12/24 12:0 a.m., 7 views

PT-2025-52925

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition existed between the host1x_syncpt_alloc and host1x_syncpt_put functions. The issue was addressed by utilizing kref_put_mutex instead of kref_put combined with manual mut...

AI score: 6.1, EPSS: 0.00161
Exploits: 0
Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53258

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection. This issue affects Captivate Sync: from n/a through <= 3.2.2...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00285
Exploits: 0, References: 2
Tenable Nessus
added 2025/12/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panthor: Fix UAF race between device unplug and FW event processing. The function panthor_fw_unplug() will free the FW memory sections. The problem is that there...

AI score: 5.8, EPSS: 0.00171
Exploits: 0, References: 2
Patchstack
added 2025/12/21 3:30 a.m., 7 views

WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by w41bu1 in WordPress Plugin Captivate Sync versions <= 3.2.2...

CVSS: 9.8, AI score: 8.1, EPSS: 0.00285
Exploits: 0, Affected Software: 1
UbuntuCve
added 2025/12/18 3:16 p.m., 1 view

CVE-2025-68324

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work. The delayed work item 'imm_tq' is initialized in imm_attach and scheduled via imm_queuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

AI score: 5.9, EPSS: 0.00171
Exploits: 0, References: 12
OSV
added 2025/12/18 3:16 p.m., 3 views

UBUNTU-CVE-2025-68324

In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work. The delayed work item 'imm_tq' is initialized in imm_attach and scheduled via imm_queuecommand for processing SCSI commands. When the IMM parallel port SCSI host...

AI score: 5.7, EPSS: 0.00171
Exploits: 0, References: 13
SUSE Linux
added 2025/12/18 2:42 p.m., 4 views

Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00301
Exploits: 0, References: 8
OSV
added 2025/12/18 2:42 p.m., 3 views

SUSE-SU-2025:4486-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00301
Exploits: 0, References: 5
OSV
added 2025/12/18 2:39 p.m., 3 views

SUSE-SU-2025:4484-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00301
Exploits: 0, References: 5
EUVD
added 2025/12/16 3:30 p.m., 2 views

EUVD-2025-203656

In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sc_timer before freeing sci. Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...

AI score: 6, EPSS: 0.00155
Exploits: 0, References: 4
UbuntuCve
added 2025/12/16 3:15 p.m., 2 views

CVE-2025-68240

In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sc_timer before freeing sci. Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...

AI score: 5.7, EPSS: 0.00155
Exploits: 0, References: 10
OSV
added 2025/12/16 3:15 p.m., 1 view

UBUNTU-CVE-2025-68240

In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sc_timer before freeing sci. Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...

AI score: 5.7, EPSS: 0.00155
Exploits: 0, References: 11
UbuntuCve
added 2025/12/16 2:15 p.m., 2 views

CVE-2025-68214

In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync(). There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers. The issue occurs when timer_shutdown_sync() clear...

CVSS: 4.7, AI score: 5.8, EPSS: 0.00117
Exploits: 0, References: 23
ATTACKERKB
added 2025/12/16 1:57 p.m., 4 views

CVE-2025-68214

In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync(). There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers. The issue occurs when timer_shutdown_sync() clear...

AI score: 5.1, EPSS: 0.00117
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2025/12/16 1:57 p.m., 3 views

CVE-2025-68214 timers: Fix NULL function pointer race in timer_shutdown_sync()

In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync(). There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers. The issue occurs when timer_shutdown_sync() clear...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00117
Exploits: 0, References: 9
CNNVD
added 2025/12/16 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition between timer_shutdown_sync() and timer expiration, which could result in WARN_ON being trigger...

CVSS: 4.7, AI score: 6.2, EPSS: 0.00117
Exploits: 0, References: 5
Positive Technologies
added 2025/12/16 12:0 a.m., 3 views

PT-2025-51627

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists within the timer subsystem, specifically in the timer_shutdown_sync function, potentially leading to a kernel warning. This occurs when the timer function pointer...

CVSS: 4.7, AI score: 6.5, EPSS: 0.00117
Exploits: 0