Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2025-26594: Use-after-free of the root cursor bsc1237427. CVE-2025-26595: Buffer overflow in XkbVModMaskText bsc1237429. CVE-2025-26596: Heap overflow in XkbWriteKeySyms bsc1237430. CVE-2025-26597: Buffer overflow in...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2025-26594: Use-after-free of the root cursor bsc1237427. CVE-2025-26595: Buffer overflow in XkbVModMaskText bsc1237429. CVE-2025-26596: Heap overflow in XkbWriteKeySyms bsc1237430. CVE-2025-26597: Buffer overflow in...

Security update for xwayland

This update for xwayland fixes the following issues: CVE-2025-26594: Use-after-free of the root cursor bsc1237427. CVE-2025-26595: Buffer overflow in XkbVModMaskText bsc1237429. CVE-2025-26596: Heap overflow in XkbWriteKeySyms bsc1237430. CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey...

DEBIAN-CVE-2022-49685

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49685

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

DEBIAN-CVE-2022-49318

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARNON in f2fsisvalidblkaddr Syzbot triggers two WARNs in f2fsisvalidblkaddr and isbitmapvalid. For example, in f2fsisvalidblkaddr, if type is DATAGENERICENHANCE or DATAGENERICENHANCEREAD, it invokes WARNON if blkadd...

UBUNTU-CVE-2022-49685

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49220

In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe ndpmem && modprobe -r ndpmem 10.060014 BUG daxcache Not tainted: Objects remaining in daxcache on kmemcacheshutdown...

CVE-2022-49685 iio: trigger: sysfs: fix use-after-free on remove

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49685 iio: trigger: sysfs: fix use-after-free on remove

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49685 iio: trigger: sysfs: fix use-after-free on remove

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49685

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunlist...

CVE-2022-49685

CVE-2022-49685 affects the Linux kernel in the iio: trigger: sysfs path, where a use-after-free occurs in irq_work_run_list when removing a trigger. The advisory states the fix is to ensure that irq_work has completed before the trigger is freed, mitigating a use-after-free in the kernel’s IIO sy...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from a confusion in the instructions responsible for freeing memory when the sysfs trigger is removed. ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ext4 not properly handling disk space markers when using inode PA, which could lead to a BUGON trigger...

CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

The vulnerability of the soc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the soc component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

Google chrome 安全漏洞

Google Chrome is a WEB browser developed by Google Inc. Google Chrome V8 suffers from a heap overflow vulnerability that can be exploited by a remote attacker to submit a special Web request that induces the user to parse it, which can be used to execute arbitrary code in the application context...

BIT-GITLAB-2024-7102 Execution with Unnecessary Privileges in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances...

CVE-2024-8266

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...