4527 matches found
Amazon Linux 2 : python3-tornado (ALAS-2025-2725)
The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2725 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Torna...
CVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise...
CVE-2024-45553 Use After Free in DSP Services
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise...
PT-2025-5657 · Git +1 · Libavif
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 8 crash has been reported, with the crash state indicating an issue related to interceptor pthread create. No information is...
PT-2026-2896
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the md/raid5 component where null-pointer dereferences can occur in the raid5_store_group_thread_cnt function. This happens when the mddev->private...
PT-2026-5506
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.18.0-rc1+git. Description: The Linux kernel contains a flaw related to interrupt handling. Specifically, the issue involves dropping the IRQF_NO_THREAD flag in the counter module, potentially leading to a BUG:...
PT-2025-52656
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue related to the stratix10-svc firmware. The problem stems from incorrect usage of the platform_set_drvdata and dev_set_drvdata functions, which both...
PT-2025-54486
Name of the Vulnerable Software and Affected Versions: libcurl versions prior to 7.87.0-150400.7.26.1; openSUSE Leap 15.6, affected versions not specified; SUSE Linux Enterprise Server 15 SP4, affected versions not specified. Description: The issue relates to libcurl's handling of TLS options during...
SUSE CVE-2024-56709
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing. Task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq bein...
UBUNTU-CVE-2024-56709
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing. Task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq bein...
CVE-2024-56623
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload. System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate: UNLOADING flag and kthread_stop. On setting the UNLOADING flag whe...
AZL-55237 CVE-2024-56623 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload. System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate: UNLOADING flag and kthread_stop. On setting the UNLOADING flag whe...
AZL-55172 CVE-2024-56613 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state. Problem Description: When running the hackbench program of LTP, the following memory leak is reported by kmemleak. /opt/ltp/testcases/bin/hackbench 20 thread 1000...
CVE-2024-56670
CVE-2024-56670: Linux kernel vulnerability in the usb gadget u_serial driver where a NULL dereference could occur when port->port_usb is NULL during multi-threaded access. The description documents a race between gs_open/gs_start_io and disconnect paths (gserial_disconnect/composite_disconnec...
CVE-2024-56670 usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer. Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and...
CVE-2024-53173
In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open. Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid in...
CVE-2024-53218
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix race in concurrent f2fs_stop_gc_thread. In my test case, concurrent calls to f2fs shutdown report the following stack trace: Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 1...
USN-7166-1 linux, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...
CVE-2024-11144
The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it...