CVE-2022-50717 nvmet-tcp: add bounds check on Transfer Tag

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

CVE-2022-50717

The CVE-2022-50717 vulnerability affects the Linux kernel’s nvmet-tcp path. Specifically, ttag is used as an index to retrieve a command in nvmet_tcp_handle_h2c_data_pdu(), and a bounds check was added to prevent out-of-bounds access. The issue is addressed by a kernel-boundary fix (nvmet-tcp: ad...

CVE-2022-50717 nvmet-tcp: add bounds check on Transfer Tag

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

CVE-2025-68746

CVE-2025-68746: In the Linux kernel SPI Tegra210-quad driver, timeout handling was fixed to address a rare case where the IRQ thread could miss the transfer timeout if the CPU handling the QSPI interrupt was busy. The fix clears curr_xfer to NULL upon timeout and checks for this condition when th...

CVE-2025-68359

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree scenario when calling adddelayedrefhead. This could happen if the record was reported...

CVE-2023-54009

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fix runtime PM leak on error path The cdnsi2cmasterxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...

CVE-2025-68352

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341transferone Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min32, trans-len + 1', which includes the 1-byte command header...

CVE-2025-68359

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree scenario when calling adddelayedrefhead. This could happen if the record was reported...

UBUNTU-CVE-2023-54009

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fix runtime PM leak on error path The cdnsi2cmasterxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...

CVE-2023-54009 i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: cdnsi2cmasterxfer: Fix runtime PM leak on error path The cdnsi2cmasterxfer function gets a runtime PM reference when the function is entered. This reference is released when the function is exited. There is currentl...

CVE-2025-68359 btrfs: fix double free of qgroup record after failure to add delayed ref head

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree scenario when calling adddelayedrefhead. This could happen if the record was reported...

CVE-2025-68359

CVE-2025-68359 pertains to the Linux kernel (btrfs) where a double free could occur for a qgroup record during add_delayed_ref_head() failure. The root cause is shared ownership of the qrecord object between the caller and add_delayed_ref_head(); the fix shifts ownership so add_delayed_ref_head()...

CVE-2025-68352 spi: ch341: fix out-of-bounds memory access in ch341_transfer_one

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341transferone Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min32, trans-len + 1', which includes the 1-byte command header...

CVE-2025-68352

CVE-2025-68352: In the Linux kernel, spi/ch341: the function ch341_transfer_one incorrectly copies data using len = min(32, trans->len + 1), which includes the 1-byte command header. This can cause an out-of-bounds read from trans->tx_buf (size trans->len) and, if len equals CH341_PACKET...

usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the qmu transfer completion interrupt handler, which could cause the kernel to crash...

PT-2025-53229

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939 sk errqueue This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving...

PT-2025-53363

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of transfer tag boundary checking, which could lead to out-of-bounds access...