CVE-2025-36932

In the Google tracepoint IPC component, specifically in tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, a memory overwrite can occur due to improper input validation. This has the potential for local elevation of privilege without requiring additional execution privileges or...

PT-2025-50713

Name of the Vulnerable Software and Affected Versions versions prior to 2025-36932 Description A flaw exists in the tracepoint msg handler function within cpm/google/lib/tracepoint/tracepoint ipc.c. This issue is due to insufficient input validation, potentially leading to a memory overwrite...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google USA. A security vulnerability exists in Google Pixel that stems from improper validation of the tracepointmsghandler input in tracepointipc.c, which could lead to local elevation of privilege...

EUVD-2022-55682

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlbhandleuserfault The vmalock and hugetlbfaultmutex are dropped before handling userfault and reacquire them again after handleuserfault, but reacquire the vmalock could lead to UAF1,2 due to the...

UBUNTU-CVE-2025-40324

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix crash in nfsd4readrelease When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...

PUB-A-445162487

In tracepointmsghandler of cpm/google/lib/tracepoint/tracepointipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

bpf: Prevent bpf program recursion for raw tracepoint probes

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988815 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a UAF issue when looking up kallsym after ftrace is disabled. The following issue occurs with a buggy module: BUG: Unable to handle a page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-380468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-380468 advisory. In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posixlockinode Light Hsieh reported a KASAN UAF warning...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987333 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery...

SUSE CVE-2022-50472

In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ibquerypkey in atomic context. WARNING: CPU: 0 PID: 1888000 at...

CVE-2022-50472

In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ibquerypkey in atomic context. WARNING: CPU: 0 PID: 1888000 at...

EUVD-2025-22871

Malicious code in bioql PyPI...

EUVD-2025-13002

Malicious code in bioql PyPI...

EUVD-2024-53350

Malicious code in bioql PyPI...

CVE-2025-39914

In the Linux kernel, the following vulnerability has been resolved: tracing: Silence warning when chunk allocation fails in tracepidwrite Syzkaller trigger a fault injection warning: WARNING: CPU: 1 PID: 12326 at tracepointaddfunc+0xbfc/0xeb0 Modules linked in: CPU: 1 UID: 0 PID: 12326 Comm:...

CVE-2025-39744 rcu: Fix rcu_read_unlock() deadloop due to IRQ work

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...

bpf: Fix WARN() in get_bpf_raw_tp_regs

...

Linux Distros Unpatched Vulnerability : CVE-2022-49764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot 1 about warnings that were caused by bpf program attached to...