The vulnerability of the user_fence_create() function in the drivers/gpu/drm/xe/xe_sync.c kernel of the Linux operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the userfencecreate function in the drivers/gpu/drm/xe/xesync.c kernel module of the Linux operating system is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...

SUSE CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved: serial: mctrlgpio: split disablems into sync and nosync APIs The following splat has been observed on a SAMA5D27 platform using atmelserial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 inatomic: ...

SUSE CVE-2025-38058

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...

DEBIAN-CVE-2022-50005

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is detaching, the pn532uartremove is called. But there are no functions in pn532uartremove that could delete the cmdtimeout timer, which wil...

DEBIAN-CVE-2025-38058

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...

UBUNTU-CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved: serial: mctrlgpio: split disablems into sync and nosync APIs The following splat has been observed on a SAMA5D27 platform using atmelserial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 inatomic: ...

CVE-2025-38040

CVE-2025-38040 affects the Linux kernel’s serial/mctrl_gpio path. The advisory reports a fix for a denial of service/privilege implications by splitting the disabling of modem lines (disable_ms) into two APIs: sync and no_sync, addressing a sleeping function being called from an atomic context (d...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking the MNTSYNCUMOUNT flag under mountlock protection...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt. The check for MNTSYNCUMOUNT should be performed under mountlock. … Otherwise, we risk stealing the final mntput from sync umount. This occurs after umount2 verifies that the victim is not busy, but before it sets...

CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...

The vulnerability of the sync_time() function in the router_command.sh script of Quantenna’s Wi-Fi chip microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the synctime function in the routercommand.sh script of Quantenna’s Wi-Fi chip microprogramming software is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞

Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the synctime parameter of the...

[SECURITY] Fedora 41 Update: nextcloud-31.0.5-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Malicious code in express-api-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in system-health-sync-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13c337e149bd36fcd54891e550bf7fdb7c1dc36b1bfc1b06e0b1427851d4adde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4683 Malicious code in express-api-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware efac302be698778eb5fe49cde2fadcf3d675910622eaf3387754f96e332f87f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-4695 Malicious code in system-health-sync-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13c337e149bd36fcd54891e550bf7fdb7c1dc36b1bfc1b06e0b1427851d4adde Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SAMSUNG Internet 安全漏洞

SAMSUNG Internet is a cell phone application from the South Korean company Samsung SAMSUNG. It provides a browser function. A security vulnerability exists in SAMSUNG Internet versions prior to 28.0.0.59, which stems from mishandling of insufficient privileges in the SyncClientProvider, which cou...