
5963 matches found

OSV
added 2025/12/24 10:55 a.m., 3 views

CVE-2023-53993 PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y...

AI score: 6.3, EPSS: 0.00027
Exploits: 0, References: 6

Cvelist
added 2025/12/24 10:55 a.m., 26 views

CVE-2023-53993 PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak with CONFIG_DEBUG_OBJECTS=y...

EPSS: 0.00027
Exploits: 0, References: 3

CVE
added 2025/12/24 10:55 a.m., 11 views

CVE-2022-50705

CVE-2022-50705 is a Linux kernel issue in the io_uring subsystem where fsnotify callbacks were deferred to task context to avoid invoking them from kiocb completion contexts that may be in IRQ context. The described exploit path is blocked by this deferral, and the fix was applied in the kernel c...

AI score: 6.1, EPSS: 0.00027
Exploits: 0, References: 3

OSV
added 2025/12/24 10:55 a.m., 1 views

CVE-2022-50705 io_uring/rw: defer fsnotify calls to task context

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That avoids valid...

AI score: 6.4, EPSS: 0.00027
Exploits: 0, References: 6

Cvelist
added 2025/12/24 10:55 a.m., 25 views

CVE-2022-50705 io_uring/rw: defer fsnotify calls to task context

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That avoids valid...

EPSS: 0.00027
Exploits: 0, References: 3

Cvelist
added 2025/12/24 10:33 a.m., 24 views

CVE-2025-68733 smack: fix bug: unprivileged task can create labels

In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...

EPSS: 0.00066
Exploits: 0, References: 8

CVE
added 2025/12/24 10:33 a.m., 15 views

CVE-2025-68371

CVE-2025-68371 relates to the Linux kernel SCSI smartpqi driver. A race between the abort handler that schedules a LUN reset and device removal via sdev_destroy() could cause the LUN reset to run after the device was removed, leading to use‑after‑free and access to freed resources. The fix, as do...

AI score: 6, EPSS: 0.00066
Exploits: 0, References: 6

SUSE CVE
added 2025/12/24 12:24 a.m., 2 views

SUSE CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP no_direct return section to fix race As explained in commit fa349e396e48 ("veth: Fix race with AF_XDP exposing old or uninitialized descriptors") for veth there is a chance after napi_complete_done that another CPU can...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00024
Exploits: 0, References: 7

CNNVD
added 2025/12/24 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not destroying the work_struct of a completed task, which could lead to a memory leak...

AI score: 6.1, EPSS: 0.00027
Exploits: 0, References: 4

Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-52907

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A race condition exists in the SmartPQI SCSI driver within the Linux kernel during device removal. Specifically, a scheduled work item to reset a LUN could execute after the device was...

AI score: 6.3, EPSS: 0.00066
Exploits: 0

Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-53002

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel landlock subsystem had a flaw in how it handled disconnected directories. These directories could appear when files or directories were accessed through a bind mount but...

AI score: 6.1, EPSS: 0.00027
Exploits: 0

Packet Storm
added 2025/12/24 12:0 a.m., 245 views

macOS 10.12.2 XNU Kernel Privilege Escalation

This proof of concept targets a race‑condition vulnerability in the XNU kernel affecting macOS/iOS. By forcing a use‑after‑free condition on kernel ports, the exploit manipulates freed memory through a controlled spray, allowing a user‑controlled replacement object. Successful exploitation yields...

CVSS: 9.3, AI score: 8.5, EPSS: 0.0359
Exploits: 5

Tenable Nessus
added 2025/12/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Fix the error trying to register non-static key in rxe_cleanup_task In the function rxe_create_qp, rxe_qp_from_init is called to initialize qp, internally...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 4

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-52935

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0-rc6-syzkaller-00321-g105a36f3694e. Description: The Linux kernel contains an issue within the io_uring/rw subsystem. Specifically, the code was calling fsnotify functions from an inappropriate context, leadin...

CVSS: 7.8, AI score: 6.8, EPSS: 0.00145
Exploits: 2, References: 841

Tenable Nessus
added 2025/12/24 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create...

AI score: 5.8, EPSS: 0.00066
Exploits: 0, References: 2

NVD
added 2025/12/22 10:15 p.m., 1 views

CVE-2022-50689

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...

CVSS: 6.9, EPSS: 0.00022
Exploits: 1, References: 3

OSV
added 2025/12/22 10:15 p.m., 3 views

CVE-2022-50689

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...

CVSS: 5.5, AI score: 6, EPSS: 0.00022
Exploits: 1, References: 3

CVE
added 2025/12/22 9:35 p.m., 8 views

CVE-2022-50689

CVE-2022-50689 affects Cobian Reflector 0.9.93 RC1. A denial-of-service can be triggered by overflowing the password input field during SFTP task configuration, e.g., pasting an ~8000-byte buffer into the password field, causing the application to crash. Multiple connected sources (NVD/NVD-derive...

CVSS: 6.9, AI score: 6.7, EPSS: 0.00022
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/22 9:35 p.m., 19 views

CVE-2022-50689 Cobian Reflector 0.9.93 RC1 Local Denial of Service via Password Field

Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration...

CVSS: 6.9, EPSS: 0.00022
Exploits: 1, References: 3

The Hacker News
added 2025/12/19 3:34 p.m., 6 views

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign "uses CountLoader as the initial tool in a multistage attack for...

AI score: 7
Exploits: 0