Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/10/28 9:15 p.m.1 views

CVE-2025-11374

Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service DoS due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

6.5CVSS5.9AI score0.00402EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/28 9:15 p.m.2 views

CVE-2025-11375

Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service DoS due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

6.5CVSS5.9AI score0.00402EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/28 3:16 p.m.4 views

CVE-2025-61104

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyunknowntlv function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...

7.5CVSS5.9AI score0.00582EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/10/28 3:16 p.m.5 views

CVE-2025-61103

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinklanadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...

7.5CVSS5.9AI score0.00582EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/10/28 3:16 p.m.5 views

CVE-2025-61107

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextprefprefsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted LSA Update packet...

7.5CVSS5.9AI score0.00582EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/10/28 3:16 p.m.4 views

CVE-2025-61106

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextprefprefsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...

7.5CVSS5.9AI score0.00582EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/10/28 2:15 p.m.4 views

CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

9.8CVSS7.3AI score0.00308EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40060

In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etmsetupaux only checks for a NULL pointer, so it...

5.8AI score0.00202EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40080

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...

5.7AI score0.00183EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40049

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfsgetparent Syzkaller reports a "KMSAN: uninit-value in squashfsgetparent" bug. This is caused by openbyhandleat being called with a file handle containing an invalid parent inode number. In...

5.7AI score0.00207EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40062

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm-debug.qmdiffregs When the initialization of qm-debug.accdiffreg fails, the probe process does not exit. However, after qm-debug.qmdiffregs is freed, it is not set to NULL. This can lead to a...

5.7AI score0.00183EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40043

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nciinitreq, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...

5.7AI score0.00202EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess-rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess-rpclock' an rwsemaphore. However, the lockin...

4.7CVSS5.8AI score0.00124EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40031

In the Linux kernel, the following vulnerability has been resolved: tee: fix registershmhelper In registershmhelper, fix incorrect error handling for a call to ioviterextractpages. A case is missing for when ioviterextractpages only got some pages and return a number larger than 0, but not the...

5.8AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.4 views

CVE-2025-40082

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusuni2asc BUG: KASAN: slab-out-of-bounds in hfsplusuni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40081

In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF Cast nrpages to unsigned long to avoid overflow when handling large AUX buffer sizes = 2 GiB...

5.9AI score0.00193EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40042

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...

5.8AI score0.00207EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40048

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by default in uiohvgeneric driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask b...

5.9AI score0.00207EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40040

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

5.5CVSS5.9AI score0.00338EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40055

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in userclusterconnect userclusterdisconnect frees "conn-ccprivate" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free...

5.7AI score0.00207EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40029

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platformgetresource platformgetresource returns NULL in case of failure, so check its return value and propagate the error in order to prevent NULL pointer dereference...

5.7AI score0.00202EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40074

In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40057

In the Linux kernel, the following vulnerability has been resolved: ptp: Add a upper bound on maxvclocks syzbot reported WARNING in maxvclocksstore. This occurs when the argument max is too large for kcalloc to handle. Extend the guard to guard against values that are too large for kcalloc...

5.7AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40076

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: Pass proper IRQ domain to generichandledomainirq Starting with commit dd26c1a23fd5 "PCI: rcar-host: Switch to msicreateparentirqdomain", the MSI parent IRQ domain is NULL because the object of type struct...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40041

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Oops1: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58, era == 90000000851b5ac0, ra =...

5.7AI score0.00182EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40038

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...

5.7AI score0.00197EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.0 views

CVE-2025-40078

In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...

5.7AI score0.00197EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40033

In the Linux kernel, the following vulnerability has been resolved: remoteproc: pru: Fix potential NULL pointer dereference in prurprocsetctable prurprocsetctable accessed rproc-priv before the ISERRORNULL check, which could lead to a null pointer dereference. Move the pru assignment, ensuring we...

5.7AI score0.00197EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.10 views

CVE-2025-40056

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copytoiter return value check The return value of copytoiter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values...

5.7AI score0.00197EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40046

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by iozcrxrecvskb adjusting desc-count for all received buffers including frag lists, but then...

5.7AI score0.00182EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40054

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fsmergepagebio As JY reported in bugzilla 1, Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : 0xffffffe51d249484 f2fsiscpguaranteed+0x70/0x98 lr : 0xffffffe51d24ad...

5.7AI score0.00182EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40052

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...

5.9AI score0.00197EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40073

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...

5.8AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40072

In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mntnsfromdentry before dereferencing The function dofanotifymark does not validate if mntnsfromdentry returns NULL before dereferencing mntns-userns. This causes a NULL pointer dereference i...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40061

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in dotask when draining When dotask exhausts its iteration budget !ret, it sets the state to TASKSTATEIDLE to reschedule, without a secondary check on the current task-state. This can overwrite the...

5.7AI score0.00183EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.2 views

CVE-2025-40058

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- structure memory must...

5.7AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40059

In the Linux kernel, the following vulnerability has been resolved: coresight: Fix incorrect handling for return value of devmkzalloc The return value of devmkzalloc could be an null pointer, use "!desc.pdata" to fix incorrect handling return value of devmkzalloc...

5.7AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40079

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current testprogs pgtable: 4K pagesize, 57-bit...

5.7AI score0.00181EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

5.7AI score0.00211EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40037

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

5.7AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40034

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...

5.9AI score0.00182EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40030

In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs doesn't specify it explicitly, the generic implementation of the getfunctionname callback from struct pinmuxops -...

5.7AI score0.00207EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40050

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPFNEG if dst is a pointer In checkaluop, the verifier currently calls checkregarg and adjustscalarminmaxvals unconditionally for BPFNEG operations. However, if the destination register holds a...

5.8AI score0.00202EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40047

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...

5.7AI score0.00194EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40068

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

5.8AI score0.00202EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.5 views

CVE-2025-40063

In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the cryptoacompstreams struct was made to rely on having the allocctx and...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40064

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.3 views

CVE-2025-40070

In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in ppsregistercdev when register device fail Similar to previous commit 2a934fdb01db "media: v4l2-dev: fix error handling in videoregisterdevice", the release hook should be set before deviceregister. Otherwise,...

5.7AI score0.00193EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40066

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init mstalink in mt7996macstaaddlinks In order to avoid a possible NULL pointer dereference in mt7996macstainitlink routine, move the phy pointer check before running mt7996macstainitlink in...

5.7AI score0.0017EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/10/28 12:15 p.m.1 views

CVE-2025-40065

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected,software must write zero to the remaining fields of hgatp. We have detected the valid mode...

5.7AI score0.0017EPSS
Exploits0References9
Total number of security vulnerabilities68528