CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

CVE-2025-14333

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

CVE-2025-14332

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

CVE-2025-14331

Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14329

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14328

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14327

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7...

CVE-2025-14326

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

CVE-2025-14325

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14323

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-14321

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

CVE-2025-59029

An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then send a query with qtype set to ANY...

CVE-2025-59030

An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP...

CVE-2025-14308

An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This...

CVE-2025-14307

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files...

CVE-2025-14306

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by...

CVE-2025-40344

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avsdaifeshutdown handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...

CVE-2025-40343

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmetportsubsysdroplink first calls nvmetportdelctrls and then nvmetdisableport. Both functions will eventuall...

CVE-2025-40342

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because...

CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

CVE-2025-40340

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xegemfault when running corehotunplug test. I saw an oops in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic happens after corehotunpl...

CVE-2025-40339

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vmhandlemoved If a amdgpubova is fpriv-prtva, the bo of this one is always NULL. So, such kind of amdgpubova should be updated separately before amdgpuvmhandlemoved...

CVE-2025-40338

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

CVE-2025-40337

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmacrx function would previously set skb-ipsummed to CHECKSUMUNNECESSARY if hardware checksum offload CoE was enabled and the packet was of a known IP ethertype...

CVE-2025-40336

In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmmpfntomaporder usage Handle the case where the hmm range partially covers a huge page like 2M, otherwise we can potentially end up doing something nasty like mapping memory which is outside the range, and maybe...

CVE-2025-40334

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping...

CVE-2025-40335

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

CVE-2025-40333

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in insertextenttree When we get wrong extent info data, and look up extentnode in rb tree, it will cause infinite loop CONFIGF2FSCHECKFS=n. Avoiding this by return NULL and print some kernel messages in th...

CVE-2025-40332

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svmrangerestorepages calls mmapreadunlock then returns. This causes deadlock and system...

CVE-2025-40331

In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctpdiagdump - sctpforeachendpoint - sctpepdump make sure not to exceed bounds in case the address list has grown between buffer allocatio...

CVE-2025-40330

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...

CVE-2025-40329

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drmschedentitykilljobscb The Mesa issue referenced below pointed out a possible deadlock: 1231.611031 Possible interrupt unsafe locking scenario: 1231.611033 CPU0 CPU1 1231.611034 ---- ---- 1231.611035...

CVE-2025-40328

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...

CVE-2025-40327

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool can trigger a system hang, which got bisected back to the following commit by Octavia Togami: 18dbcbfabfff "perf: Fix the POLLHUP...

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

CVE-2023-53866

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcmmutex If paniconwarn is set and compress streamDPCM is started, then kernel panic occurred because card-pcmmutex isn't held appropriately. In the following functions, warning were issued ...

CVE-2023-53865

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a transaction abort with qgroups enabled we get a warning triggered when doing the final put on the transaction, like this: 552.6789...

CVE-2023-53864

In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disable overlay plane in mxsfbplaneoverlayatomicdisable When disabling overlay plane in mxsfbplaneoverlayatomicupdate, overlay plane's framebuffer pointer is NULL. So, dereferencing it would cause a kernel OopsNULL...

CVE-2023-53863

In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...

CVE-2023-53862

In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfsbnodeget in hfsbnodecreate Syzbot found a kernel BUG in hfsbnodeput: kernel BUG at fs/hfs/bnode.c:466! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 0 PID: 3634 Comm: kworker/u4:5 Not tainted...

CVE-2023-53861

In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4mbgoodgroup Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check...

CVE-2023-53860

In the Linux kernel, the following vulnerability has been resolved: dm: don't attempt to queue IO under RCU protection dm looks up the table for IO based on the request type, with an assumption that if the request is marked REQNOWAIT, it's fine to attempt to submit that IO while under RCU read lo...

CVE-2023-53859

In the Linux kernel, the following vulnerability has been resolved: s390/idle: mark archcpuidle noinstr linux-next commit "cpuidle: tracing: Warn about !rcuiswatching" adds a new warning which hits on s390's archcpuidle function: RCU not on for: archcpuidle+0x0/0x28 WARNING: CPU: 2 PID: 0 at...

CVE-2023-53858

In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fix a memory leak in s3c24xxserialgetclk in case of error If clkgetrate fails, the clk that has just been allocated needs to be freed...

CVE-2023-53857

In the Linux kernel, the following vulnerability has been resolved: bpf: bpfskstorage: Fix invalid wait context lockdep report './testprogs -t testlocalstorage' reported a splat: 27.137569 ============================= 27.138122 BUG: Invalid wait context 27.138650 6.5.0-03980-gd11ae1b16b0a 247...