495 matches found
Siemens SIMATIC S7-1500 Missing Cryptographic Step (CVE-2025-69418)
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
SUSE CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001516)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001516 advisory. A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000855)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000855 advisory. A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
UBUNTU-CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
CVE-2025-71131
The CVE-2025-71131 in the Linux kernel is resolved. The issue was in crypto: seqiv where a request’s iv could be dereferenced after async completion of crypto_aead_encrypt, because the underlying request may be freed. The fix creates a new variable unaligned_info and uses it for the iv check, pre...
CVE-2025-71131
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: kmsan: fixed an issue where out-of-bounds access to shadow memory occurred. Running sha224kunit on a KMSAN-enabled kernel results in a crash in kmsaninternalsetshadoworigin: BUG: Unable to handle a page fault for the address:...
CVE-2025-47388
Memory corruption while passing pages to DSP with an unaligned starting address...
CVE-2025-47388
Memory corruption while passing pages to DSP with an unaligned starting address...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from an unaligned start address when passing a page to the DSP, which could lead to memory corruption...
CVE-2025-47388
CVE-2025-47388 : Qualcomm chipsets memory corruption occurs when passing pages to the DSP with an unaligned starting address, as described in multiple feeds. The vulnerability affects the DSP service path and could enable a local attacker to corrupt memory, with high impact on confidentiality, in...
CVE-2025-47388 Buffer Copy without Checking Size of Input in DSP Service
Memory corruption while passing pages to DSP with an unaligned starting address...
CVE-2025-47388 Buffer Copy without Checking Size of Input in DSP Service
Memory corruption while passing pages to DSP with an unaligned starting address...