Lucene search

12633 matches found

OSV
added 2025/09/16 7:54 a.m. | 4 views

CLSA-2025-1758009294 kernel: Fix of 3 CVEs

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() CVE-2025-38352 - sch_qfq: make qfq_qlen_notify() idempotent CVE-2025-38177 - sch_hfsc: make hfsc_qlen_notify() idempotent CVE-2025-38177 - sch_drr: make drr_qlen_notify() idempotent CVE-2025-38177 - sch_htb: make htb_qlen_notify...

7.8 CVSS | 7 AI score | 0.01345 EPSS
Exploits 8 | References 1
CNNVD
added 2025/09/16 12:0 a.m. | 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mtk_dp_aux_transfer function's use of improper logging, which could lead to a null pointer dereference...

5.5 CVSS | 5.8 AI score | 0.00134 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/09/16 12:0 a.m. | 6 views

PT-2025-44100

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the PCI endpoint functionality pci-epf-test. Specifically, the dma_chan_tx and dma_chan_rx fields within the pci_epf_test structure can be NULL after...

4.6 CVSS | 5.9 AI score | 0.00197 EPSS
Exploits 0
Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-38025

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free issue in the do_rbd_add function when rbd_dev_create fails. This occurs when ownership of structures like rbd_dev->rbd_client, rbd_dev->spec, a...

6.1 AI score | 0.0015 EPSS
Exploits 0 | References 10
Tenable Nessus
added 2025/09/16 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-53220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on...

5.5 CVSS | 6 AI score | 0.00146 EPSS
Exploits 0 | References 3
Snyk
added 2025/09/15 8:45 p.m. | 5 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8 CVSS | 6.8 AI score | 0.00473 EPSS
Exploits 0 | References 2
OSV
added 2025/09/15 8:37 p.m. | 2 views

GHSA-G5CG-6C7V-MMPW HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability

Impact: A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows...

6.9 CVSS | 7 AI score | 0.00335 EPSS
Exploits 0 | References 5
Snyk
added 2025/09/15 7:43 p.m. | 3 views

Embedded Malicious Code

Overview: debug is a small debugging utility. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook...

9.8 CVSS | 6.8 AI score | 0.00378 EPSS
Exploits 0 | References 2
NVD
added 2025/09/15 3:15 p.m. | 4 views

CVE-2023-53220

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If...

5.5 CVSS | 0.00146 EPSS
Exploits 0 | References 8
OSV
added 2025/09/15 3:15 p.m. | 2 views

DEBIAN-CVE-2022-50272

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Wei Chen reports a kernel bug as below: general protection fault, probably for non-canonical address KASAN: null-ptr-deref in range 0x0000000000000010-0x0000000000000017...

5.5 CVSS | 5.7 AI score | 0.0015 EPSS
Exploits 0 | References 1
OSV
added 2025/09/15 3:15 p.m. | 3 views

DEBIAN-CVE-2022-50271

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: Use kvmalloc/kvfree for larger packets. When copying a large file over sftp over vsock, data size is usually 32kB, and kmalloc seems to fail to try to allocate 32 32kB regions. vhost-5837: page allocation failure:...

5.5 CVSS | 5.3 AI score | 0.00146 EPSS
Exploits 0 | References 1
OSV
added 2025/09/15 3:15 p.m. | 4 views

UBUNTU-CVE-2023-53220

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If...

5.5 CVSS | 5.8 AI score | 0.00146 EPSS
Exploits 0 | References 11
OSV
added 2025/09/15 2:21 p.m. | 3 views

CVE-2023-53220 media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If...

5.5 CVSS | 5.9 AI score | 0.00146 EPSS
Exploits 0 | References 11
Vulnrichment
added 2025/09/15 2:21 p.m. | 2 views

CVE-2023-53220 media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()

In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() In az6007_i2c_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach az6007_i2c_xfer. If...

8.1 AI score | 0.00146 EPSS
Exploits 0 | References 8
CVE
added 2025/09/15 2:21 p.m. | 22 views

CVE-2023-53220

CVE-2023-53220 affects the Linux kernel, specifically the media/az6007 driver. The vulnerability arises in az6007_i2c_xfer where user-controlled msg[i].buf could be dereferenced if msg[i].buf is null and msg[i].len is zero, bypassing previous checks and potentially crashing. The root cause is mis...

5.5 CVSS | 6.1 AI score | 0.00146 EPSS
Exploits 0 | References 8 | Affected Software 1
CNNVD
added 2025/09/15 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the az6027_i2c_xfer function not handling null pointers correctly, which could lead to null pointer...

5.5 CVSS | 6.3 AI score | 0.0015 EPSS
Exploits 0 | References 9
Positive Technologies
added 2025/09/15 12:0 a.m. | 6 views

PT-2025-37573

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was discovered in the Linux kernel's vhost/vsock implementation. The issue relates to page allocation failures when copying large files over sftp over vsock, specifically when...

5.9 AI score | 0.00146 EPSS
Exploits 0 | References 10
Positive Technologies
added 2025/09/15 12:0 a.m. | 4 views

PT-2025-37574

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null-pointer dereference issue exists in the az6027_i2c_xfer function when msg[i].addr is 0x99, specifically when msg[i].len is 0 and msg[i].buf is null. This can lead to a general...

6.2 AI score | 0.0015 EPSS
Exploits 0 | References 11
Gitee
added 2025/09/14 2:15 p.m. | 305 views

smbmap

This is a Python script for a tool called SMBMap, which is designed to enumerate Samba share drives across an entire domain. The tool allows users to list share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute...

7.6 AI score
Exploits 0
RedhatCVE
added 2025/09/14 1:33 p.m. | 6 views

CVE-2025-59139

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the...

5.3 CVSS | 6.6 AI score | 0.00416 EPSS
Exploits 0 | References 1