Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001630 advisory. The vmwgbsurfacedefineioctl function accessible via DRMIOCTLVMWGBSURFACECREATE in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.11.4 defines a...

UBUNTU-CVE-2025-68222

In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32pinctrldesc s32pinctrldesc is allocated with devmkmalloc, but not all of its fields are initialized. Notably, numcustomparams is used in pinconfgenericparsedtconfig, resulting in...

Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer

The safe function createringbuffer allocates a buffer using Vec::withcapacity followed by setlen, creating a Box containing uninitialized memory. This leads to undefined behavior when functions like writeslices create typed slices e.g., &mut bool over the uninitialized memory, violating Rust's...

CVE-2025-39904 arm64: kexec: initialize kexec_buf struct in load_other_segments()

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

The vulnerability of the nf_reject_ip6_tcphdr_put() function in the netfilter component of the Linux operating system allows a attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the nfrejectip6tcphdrput function in the net/ipv6/netfilter/nfrejectipv6.c file of the netfilter component in the Linux kernel is related to the use of uninitialized memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and...

SUSE CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

Rust messagepack-rs crate安全漏洞

Rust messagepack-rs crate is messagepack-rs is a pure Rust MessagePack implementation. A security vulnerability exists in Rust messagepack-rs crate in versions prior to 2021-01-26, which stems from the fact that deserializeextensionothers can read data from uninitialized memory locations...

CVE-2010-1633

RSA verification recovery in the EVPPKEYverifyrecover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive...