59514 matches found
CVE-2022-50477
In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...
CVE-2022-50476
In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such...
CVE-2022-50475
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ibport" is valid when access sysfs node The "ibport" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle...
CVE-2022-50474
In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macioaddonedevice Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically. It needs to be freed when ofdeviceregist...
CVE-2022-50472
In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ibquerypkey in atomic context. WARNING: CPU: 0 PID: 1888000 at...
CVE-2022-50473
In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...
CVE-2022-50471
In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: User process sets up a gntdev mapping composed of two grant...
CVE-2022-50470
In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then t...
CVE-2025-39953
In the Linux kernel, the following vulnerability has been resolved: cgroup: split cgroupdestroywq into 3 workqueues A hung task can occur during 1 LTP cgroup testing when repeatedly mounting/unmounting perfevent and netprio controllers with systemd.unifiedcgrouphierarchy=1. The hang manifests in...
CVE-2025-39952
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: avoid buffer overflow in WID string configuration Fix the following copy overflow warning identified by Smatch checker. drivers/net/wireless/microchip/wilc1000/wlancfg.c:184 wilcwlanparseresponseframe error:...
CVE-2025-39951
In the Linux kernel, the following vulnerability has been resolved: um: virtiouml: Fix use-after-free after putdevice in probe When registervirtiodevice fails in virtioumlprobe, the code sets vudev-registered = 1 even though the device was not successfully registered. This can lead to...
CVE-2025-39950
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCPREPAIR A NULL pointer dereference can occur in tcpaofinishconnect during a connect system call on a socket with a TCP-AO key added and TCPREPAIR enabled. The...
CVE-2025-39949
In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write past the end of the previously-kmalloc'ed dump...
CVE-2025-39948
In the Linux kernel, the following vulnerability has been resolved: ice: fix Rx page leak on multi-buffer frames The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was introduced as part of handling multi-buffer XDP support in the ice driver...
CVE-2025-39947
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind The function mlx5uplinknetdevget gets the uplink netdevice pointer from mdev-mlx5eres.uplinknetdev. However, the netdevice can be removed and its pointer cleared when...
CVE-2025-39945
In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...
CVE-2025-39946
In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...
CVE-2025-39944
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix use-after-free bugs in otx2synctstamp The original code relies on canceldelayedwork in otx2ptpdestroy, which does not ensure that the delayed work item synctstampwork has fully completed if it was already runnin...
CVE-2025-39943
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdatatransfer If dataoffset and datalength of smbdirectdatatransfer struct are invalid, out of bounds issue could happen. This patch validate dataoffset and...
CVE-2025-39942
In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remainingdatalength respects maxfragmentedrecvsize This is inspired by the check for dataoffset + datalength...
CVE-2025-39941
In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 CPU1 zramslotlock zsfreehandle zramslotlock zramslotlock...
CVE-2025-39940
In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripeiohints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits-iomin and limits-ioopt;...
CVE-2025-39939
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpcigetiommuctrs returns counter information to be reported as part of device statistics; these counters are stored as part of the s390domain. The problem, however, is...
CVE-2025-39938
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails e.g. ADSP rejects due to incorrect audioreach topology, the graph is closed and "daidata-graphdai-id" is...
CVE-2025-39937
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...
CVE-2025-39936
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to sevplatformshutdownlocked When 9770b428b1a2 "crypto: ccp - Move devinfo/err messages for SEV/SNP init and shutdown" moved the error messages dumping so that they don't need to be...
CVE-2025-39935
In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307settingloaded The sma1307-set.headersize is how many integers are in the header there are 8 of them but instead of allocating space of 8 integers we allocate 8 bytes. This lea...
CVE-2025-39934
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...
CVE-2025-39933
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...
CVE-2025-39932
In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...
CVE-2025-39929
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirectrecvio leak in smbdnegotiate error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on kmemcacheshutdown...
CVE-2025-39931
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...
CVE-2025-61962
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...
CVE-2025-49844
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...
CVE-2025-46819
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...
CVE-2025-46818
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...
CVE-2025-46817
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting...
CVE-2025-10729
The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free...
CVE-2025-10728
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
CVE-2025-49641
A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...
CVE-2025-27237
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...
CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
CVE-2025-11234
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
CVE-2025-53881
A UNIX Symbolic Link Symlink Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1...
CVE-2025-54293
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...
CVE-2025-54292
Removed by vendor...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...