UBUNTU-CVE-2025-40266

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...

CVE-2025-40266

CVE-2025-40266 : Linux kernel KVM for arm64 fixes an issue where the untrusted offset used in FF-A memory sharing was not properly verified, risking out-of-bounds access in the hypervisor. A patch now verifies the offset to prevent OOB accesses when a large value is provided by the host ([U32_MAX...

CVE-2025-22117 ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()

In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pktlen in icevcfdirparseraw Fix using the untrusted value of proto-raw.pktlen in function icevcfdirparseraw by verifying if it does not exceed the VIRTCHNLMAXSIZERAWPACKET value...

CVE-2025-22117

CVE-2025-22117 refers to a Linux kernel issue in the ice driver code path ice_vc_fdir_parse_raw(), where an untrusted proto->raw.pkt_len value was used without bound checks. The vulnerability is resolved by validating pkt_len against the VIRTCHNL_MAX_SIZE_RAW_PACKET limit to prevent processing...

ROS-20240527-02

A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...

Design/Logic Flaw

An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This...