CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

Node.js 安全漏洞

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. A security vulnerability exists in Node.js that stems from an incorrect call to ThrowException by the SignTraits::DeriveBits method in a background thread, which could lead to a process crash...

SUSE CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

PT-2025-27739

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the Linux kernel's bpf and sockmap functionality. The issue arises when the sk-sk socket is not locked or referenced in the backlog thread, and during the ca...

kernel: io_uring/sqpoll: zero sqd->thread on tctx errors

No description is available for this CVE...

kernel: scsi: qla2xxx: Fix use after free on unload

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpcthread to terminate UNLOADING flag and kthreadstop. On setting the UNLOADING flag whe...

kernel: dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

CVE-2025-47735

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

SUSE CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

AZL-70144 CVE-2025-37861 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

CVE-2025-37861

The CVE 2025-37861 pertains to the Linux kernel SCSI MPI3MR driver where the TM thread could process reply queues while the reset thread reinitializes them, causing an access to an invalid queue ID (0xFFFF) and a crash. The fix adds a synchronization flag io_admin_reset_sync. Before a reset, the ...

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

wgp race condition in inner::drop

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

GHSA-2W4W-4385-VH4H wgp race condition in inner::drop

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

CVE-2025-47735

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

CVE-2025-47735

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

wgp 安全漏洞

wgp is a library by Nugine Personal Developers. A security vulnerability exists in wgp version 0.2.0, which stems from a lack of thread synchronization in dropslow...

CVE-2025-47735

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks dropslow thread synchronization...

CVE-2025-47735

CVE-2025-47735 affects the Rust wgp crate (versions 0.2.0 and earlier). The root cause is missing drop_slow thread synchronization in inner::drop (inner.rs), leading to a race condition in multithreaded contexts. Exploit details are not provided in the documents; remediation references suggest av...