CVE-2025-40146

The CVE-2025-40146 entry refers to a Linux kernel issue in the blk-mq subsystem where deadlock can occur as nr_requests grow. The root cause is described as a conflict between allocating/freeing sched_tags while the I/O queue is frozen, which can lead to a deadlock. The published fix involves all...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989847)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989847 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de virtio-blk: Ensure ...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: PCI: pnvphp: Fixed issue with surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, resulting in a complete failure of the hotplug system after a device was...

EUVD-2025-25578

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete...

CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

SUSE CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

DEBIAN-CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

UBUNTU-CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

CVE-2025-38623 PCI: pnv_php: Fix surprise plug detection and recovery

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

CVE-2025-38623 PCI: pnv_php: Fix surprise plug detection and recovery

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

CVE-2025-38623

The CVE-2025-38623 entry describes a Linux kernel fix in PCI: pnv_php hotplug handling. The vulnerability stemmed from improper handling of surprise plug events, enabling a PE bridge to freeze MSI interrupt paths and leaving PHB/PE in a frozen state after removal. Consequences include stalled plu...

DEBIAN-CVE-2024-57946

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de "virtio-blk: Ensure no requests in virtqueues before deleting vqs." replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the...

PT-2025-34385

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and requiring a reboot to detect new...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the fs module during an unfreeze operation, which may misleadingly issue a warning if a block device has been...

The vulnerability of the erofs_workgroup_unfreeze() function in the EROFS file system, a enhanced read-only file system, in Linux kernel-based single-processor configurations, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the erofsworkgroupunfreeze function in the fs/erofs/internal.h file of the EROFS Enhanced Read-Only File System driver in the Linux kernel, in a single-processor configuration, is related to the reutilization of previously freed memory. Exploiting this vulnerability could all...

UBUNTU-CVE-2022-48674

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIGSMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in...

stake before unfreeze can take away most of rsr rewards in the freeze period

Lines of code Vulnerability details If the system is frozen, the only allowed operation is stRST.stake. And the payoutRewards is not called during freeze period: if !main.frozen payoutRewards; function payoutRewards external requireNotFrozen; payoutRewards; So the payoutLastPaid stays before the...

Unbreakable Enterprise kernel security update

5.4.17-2136.314.6.2 - proc: procskipspaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883034 CVE-2022-4378 - proc: avoid integer type confusion in getproclong Linus Torvalds Orabug: 34883034 CVE-2022-4378 5.4.17-2136.314.6.1 - RDMA/uverbs: Move IBEVENTDEVICEFATAL to...