1071 matches found

CVE
added 2025/02/26 1:56 a.m. · 143 views

CVE-2022-49264

CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...

CVSS 5.5 · AI score 6.5 · EPSS 0.00009
Exploits: 0 · References: 9 · Affected Software: 1
Cvelist
added 2025/02/26 1:54 a.m. · 11 views

CVE-2022-49097 NFS: Avoid writeback threads getting stuck in mempool_alloc()

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempool_alloc(). In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempool_alloc()...

EPSS 0.00009
Exploits: 0 · References: 5
Debian CVE
added 2025/02/26 1:54 a.m. · 8 views

CVE-2022-49097

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempool_alloc(). In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempool_alloc()...

CVSS 5.5 · AI score 5.4 · EPSS 0.00009
Exploits: 0
AstraLinux
added 2025/02/11 7:35 a.m. · 2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: fixed the issue where a leak occurred during nfs4_openowner when nfsd4_open was performed concurrently. The action force umount -f operation attempts to terminate all rpc_task. However, the umount operation may fail if some...

CVSS 5.5 · AI score 6.5 · EPSS 0.00015
Exploits: 0 · References: 3
Fedora
added 2025/02/09 1:32 a.m. · 4 views

[SECURITY] Fedora 40 Update: stalld-1.19.8-1.fc40

The stalld program monitors the set of system threads, looking for threads that are ready-to-run but have not been given processor time for some threshold period. When a starving thread is found, it is given a temporary boost using the SCHED_DEADLINE policy. The default is to allow 10 microseconds...

CVSS 4.1 · AI score 7 · EPSS 0.00029
Exploits: 0
RedhatCVE
added 2025/02/06 2:54 a.m. · 3 views

CVE-2025-23090

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 7.4
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 8:0 p.m. · 11 views

CVE-2022-22097

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT...

CVSS 8.4 · AI score 7.4 · EPSS 0.00055
Exploits: 0 · References: 1
RedhatCVE
added 2025/01/23 9:21 a.m. · 13 views

CVE-2025-23083

A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created...

CVSS 7.7 · AI score 6.5 · EPSS 0.00105
Exploits: 0 · References: 4
NVD
added 2025/01/22 2:15 a.m. · 7 views

CVE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

Exploits: 0
NVD
added 2025/01/22 2:15 a.m. · 13 views

CVE-2025-23083

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · EPSS 0.00105
Exploits: 0 · References: 4
OSV
added 2025/01/22 2:15 a.m. · 4 views

AZL-55922 CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 6.9 · EPSS 0.00105
Exploits: 0 · References: 1
OSV
added 2025/01/22 2:15 a.m. · 9 views

CVE-2025-23083

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 6.7 · EPSS 0.00105
Exploits: 0 · References: 4
OSV
added 2025/01/22 2:15 a.m. · 1 views

DEBIAN-CVE-2025-23083

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 7 · EPSS 0.00105
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/22 1:11 a.m. · 6 views

CVE-2025-23083

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 7.5 · EPSS 0.00105
Exploits: 0 · References: 1
Debian CVE
added 2025/01/22 1:11 a.m. · 10 views

CVE-2025-23083

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

CVSS 7.7 · AI score 7 · EPSS 0.00105
Exploits: 0
Cvelist
added 2025/01/22 1:11 a.m. · 14 views

CVE-2025-23090

...

Exploits: 0
CVE
added 2025/01/22 1:11 a.m. · 420 views

CVE-2025-23090

CVE-2025-23090 is withdrawn as a duplicate of CVE-2025-23083. Connected records confirm CVE-2025-23083 affects Node.js packages for versions before 20.14.0-4, with patches available in advisory channels (nodejs20). These sources describe the same underlying issue and provide remediation guidance ...

AI score 6.9
Exploits: 0
Positive Technologies
added 2025/01/22 12:0 a.m. · 2 views

PT-2025-4820 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions 20, 22, and 23 Description: The issue allows attackers to misuse the diagnostics channel utility, accessing internal worker threads for malicious purposes. This is not limited to workers but also exposes internal workers, whe...

CVSS 7.7 · AI score 6.5
Exploits: 0 · References: 13
BDU FSTEC
added 2025/01/17 12:0 a.m. · 1 views

The vulnerability of the Security Account Manager (SAM) on Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Security Account Manager SAM on Windows operating systems is related to mutual blocking of execution threads. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 6.8 · AI score 7.9 · EPSS 0.0094
Exploits: 0 · References: 3
Vulnrichment
added 2025/01/08 5:49 p.m. · 2 views

CVE-2024-56779 nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur. The action force umount (umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attemp...

AI score 7.4 · EPSS 0.00015
Exploits: 0 · References: 7