CVE-2022-50867 drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

CVE-2022-50867 drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

CVE-2022-50867

CVE-2022-50867 is resolved in the Linux kernel (drm/msm/a6xx). The issue centers on kvzalloc vs state_kcalloc usage in adreno_show_object(), which reallocates the passed pointer on the first call when data is ascii85 encoded, via kvmalloc/kvfree. This caused a memory leak that was previously pres...

CVE-2022-50785

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use getdevice and putdevice in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

CVE-2023-54207

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free wh...

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

CVE-2023-54194 exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree

In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmallocarray/kvfree instead of kmallocarray/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmallocarray due to system memory fragmentation, while t...

CVE-2023-54194

In the Linux kernel, the following vulnerability has been resolved: exfat: use kvmallocarray/kvfree instead of kmallocarray/kfree The call stack shown below is a scenario in the Linux 4.19 kernel. Allocating memory failed where exfat fs use kmallocarray due to system memory fragmentation, while t...

CVE-2023-54164 Bluetooth: ISO: fix iso_conn related locking and validity issues

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: fix isoconn related locking and validity issues sk-skstate indicates whether isopisk-conn is valid. Operations that check/update skstate and access conn should hold locksock, otherwise they can race. The order of...

GO-2025-4263 Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

Gitea allows XSS because the search input box for creating tags and branches is v-html instead of v-text in code.gitea.io/gitea...

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

Microsoft Windows SMBGhost Vulnerability Checker - CVE-2020-07...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992668 advisory. In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of a BUGON instead of an error return, which could result in a buffer overflow...

Linux Distros Unpatched Vulnerability : CVE-2023-54259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 soundwire: bus: use pmruntimeresumeandget Change call...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992637 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992349 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mishandling of the pmruntimeresumeandget error in the soundwire bus, which could lead to a usage count...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992591 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in uccuart.c In socinfo, offindnodebytype will return a node...

[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43

Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...