Linux Distros Unpatched Vulnerability : CVE-2025-40278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in...

CVE-2025-37840

CVE-2025-37840 concerns the Linux kernel MTD NAND code, specifically brcmnand, where a PM-resume path could trigger a WARN due to an uninitialized nand_operation that checks the chip select. The connected advisories confirm this as a fix: during platform suspend/resume, the code now calls a highe...

CVE-2024-57912

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp u32 pressure, u16...

Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field Exploit

Exploit for linux platform in category dos / poc / Linux tai. If doadjtimex doesn't write to -tai e.g. because the arguments are invalid, compatputtimex then copies the uninitialized -tai field to userspace. Demo: $ cat leak32.c / include include include include include include include / from...

Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall

Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall / Commit 3a4d44b61625 "ntp: Move adjtimex related compat syscalls to native counterparts" removed the memset in compatgettimex. Since then, the compat adjtimex syscall can invoke doadjtimex with an...