MiracleLinux 9 : kernel-5.14.0-570.32.1.el9_6 (AXSA:2025-10781:59)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10781:59 advisory. kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kerne...

MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.12.el7.AXS7 (AXSA:2025-10504:42)

"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10504:42 advisory. pfifotailenqueue: Drop new packet when sch-limit == 0 CVE-2025-21702 xfs: add bounds checking to xlogrecoverprocessdata CVE-2024-41014 netfilter:...

MiracleLinux 9 : kernel-5.14.0-611.5.1.el9_7 (AXSA:2025-11493:94)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11493:94 advisory. kernel: can: isotp: fix potential CAN frame reception race in isotprcv CVE-2022-48830 kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB...

Unbreakable Enterprise kernel security update

5.15.0-316.196.4.1 - tipc: Fix use-after-free in tipcmonreinitself. Kuniyuki Iwashima Orabug: 38788585 CVE-2025-40280 - fs/proc: fix uaf in procreaddirde Wei Yang Orabug: 38788587 CVE-2025-40271 - vsock: Ignore signal/timeout on connect if already established Michal Luczaj Orabug: 38788594...

Linux Distros Unpatched Vulnerability : CVE-2025-68784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new val...

MiracleLinux 9 : kernel-5.14.0-611.13.1.el9_7 (AXSA:2025-11544:99)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11544:99 advisory. kernel: can: j1939: implement NETDEVUNREGISTER notification handler CVE-2025-39925 kernel: net/mlx5: fs, fix UAF in flow counter release...

CVE-2023-40077

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-22478

The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage...

RHEL 10 : kernel (RHSA-2026:0271)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0271 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: x86/vmscape: Add conditional...

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-1357)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1357 advisory. There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data...

Important: ecs-service-connect-agent

Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

Important: ecs-service-connect-agent

Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2025-093 (ALASECS-2025-093)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.4.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-093 advisory. There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with...

K000158972: Linux kernel (nilfs) vulnerability CVE-2022-50367

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode return...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992512 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling...

CVE-2025-68748 drm/panthor: Fix UAF race between device unplug and FW event processing

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

AlmaLinux 9 : kernel (ALSA-2025:22865)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:22865 advisory. kernel: can: j1939: implement NETDEVUNREGISTER notification handler CVE-2025-39925 kernel: net/mlx5: fs, fix UAF in flow counter release CVE-2025-39979...

Oracle Linux 7 : kernel (ELSA-2025-21063)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21063 advisory. - HID: core: fix shift-out-of-bounds in hidreportrawevent CVE-2022-48978 Orabug: 38644370 - crypto: seqiv - Handle EBUSY correctly CVE-2023-53373...

CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: lookup hciconn on RX path on protocol side The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hciconn is not concurrently modified/deleted. This locking appears to be leftover from...

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...