473 matches found
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed a bug related to use after free in venusremove due to a race condition. In venusprobe, core-work is bound to venussyserrorhandler, which is used to handle errors. The code uses core-syserrdone to synchronize t...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit. If venusprobe fails at pmruntimeputsync, it first calls hfiDestroy, and then hficoredeinit. Since hfiDestroy sets core-ops to NULL, hficoredeinit can no longer call the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: A possible memory leak issue has been fixed. The implementation of venushelperallocdpbbufs allows for an early return on an error path when checking the ID from idaallocmin. This would prevent the earlier buff...
ROS-20260403-73-0021
A vulnerability in the venus component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed an issue where OOB reading occurred due to a missing payload-bound check. Currently, the eventseqchanged handler processes a variable number of properties sent by the firmware. The number of properties is...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: protection against spurious interrupts during probing. Ensure that the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it’s possible that an interrupt...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser refactoring of packet parsing logic wordscount represents the total number of words in the payload. data points to the payload of various properties within it. When wordscount reaches the last word, data...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Added a check for the packet size after reading from shared memory. A check was added to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI – Add a check to handle incorrect queue size. qsize represents the size of the shared queue between the driver and the firmware. The firmware can modify this value to an invalid, large value. In such situations,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: Venus: HFI parser: added a check to avoid out-of-bound access. There is a possibility that initcodecs may be invoked multiple times during manipulation of the payload from video firmware. In such cases, if codecscount can...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005099 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005127)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005127 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venusremove due to race condition in venusprobe, core-wo...
ROS-20260126-73-0018
A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260126-73-0017
A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23158)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23158 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23159)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23159 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle...
CLSA-2025-1763989962 Fix of 8 CVEs
CVE-url: https://ubuntu.com/security/CVE-2025-38352 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-url: https://ubuntu.com/security/CVE-2022-25265 - x86/elf: Add table to document READIMPLIESEXEC - x86/elf: Split READIMPLIESEXEC from executable PTGNUSTACK -...
Malicious code in kronos-lynx-brane-venus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4b0fb92e5f1f3a612ab9477511fd26789ef0566213df6d8bc93ee1ffa10bd9b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179902
Malicious code in callback-typeorm-venus-umbriel npm...