CVE-2025-46613

OpenPLC 3 through 64f9c11 is affected by a memory corruption vulnerability in server.cpp caused by a thread accessing the handleConnections arguments after the parent stack frame becomes unavailable, i.e., a race condition. This is documented across multiple sources (NVD/Red Hat/CIRCL/CNNVD, PT-S...

GHSA-FR22-5377-F3P7 Mattermost Playbooks fails to properly validate permissions

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

CVE-2025-41423

Mattermost versions 10.4.x = 10.4.2, 10.5.x = 10.5.0, 9.11.x = 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without...

SUSE CVE-2025-22098

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdp: Fix a deadlock in zynqmpdpignorehpdset Instead of attempting the same mutex twice, lock and unlock it. This bug has been detected by the Clang thread-safety analyzer...

Security update for iperf

This update for iperf fixes the following issues: Update to 3.18 bsc1234705, CVE-2024-53580: SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. CVE-2024-53580 This has now been fixed. PR1810 UDP packets...

SUSE CVE-2025-22074

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix rcount dec/increment mismatch rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause rcount to become negative, which can lead to a problem where the ksmbd...

SUSE CVE-2025-22078

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

[SECURITY] Fedora 41 Update: mysql8.0-8.0.41-1.fc41

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

The vulnerability of the stack_depot_save_flags() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the stackdepotsaveflags function in the Linux operating system is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-22111

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first and later forwarded to brioctlcall, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

CVE-2025-22078

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

DEBIAN-CVE-2025-22078

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

CVE-2025-22074

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix rcount dec/increment mismatch rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause rcount to become negative, which can lead to a problem where the ksmbd...

UBUNTU-CVE-2025-22078

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

CVE-2025-22053

In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make vethpoolstore stop hanging v2: - Created a single error handling unlock and exit in vethpoolstore - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnlmutex to synchronize...

CVE-2025-22078

CVE-2025-22078 affects the Linux kernel staging/vchiq_arm component. The issue occurs when vchiq_platform_conn_state_changed() is never called or fails before driver removal, causing ka_thread to potentially point to an invalid task_struct and risking a crash. The fix adds necessary guards before...

CVE-2025-22078 staging: vchiq_arm: Fix possible NPR of keep-alive thread

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

CVE-2025-22078 staging: vchiq_arm: Fix possible NPR of keep-alive thread

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

CVE-2025-22078

In the Linux kernel, the following vulnerability has been resolved: staging: vchiqarm: Fix possible NPR of keep-alive thread In case vchiqplatformconnstatechanged is never called or fails before driver removal, kathread won't be a valid pointer to a taskstruct. So do the necessary checks before...

CVE-2025-22074 ksmbd: fix r_count dec/increment mismatch

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix rcount dec/increment mismatch rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause rcount to become negative, which can lead to a problem where the ksmbd...