CVE-2025-11374
Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2025-11375
Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2025-61104
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyunknowntlv function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-61103
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinklanadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-61107
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextprefprefsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet...
CVE-2025-61106
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextprefprefsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-12380
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...
CVE-2025-40060
In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL pointer for allocation failures When the TRBE driver fails to allocate a buffer, it currently returns the error code "-ENOMEM". However, the caller etmsetupaux only checks for a NULL pointer, so it...
CVE-2025-40080
In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...
CVE-2025-40049
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfsgetparent Syzkaller reports a "KMSAN: uninit-value in squashfsgetparent" bug. This is caused by openbyhandleat being called with a file handle containing an invalid parent inode number. In...
CVE-2025-40062
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm-debug.qmdiffregs When the initialization of qm-debug.accdiffreg fails, the probe process does not exit. However, after qm-debug.qmdiffregs is freed, it is not set to NULL. This can lead to a...
CVE-2025-40043
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nciinitreq, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...
CVE-2025-40039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess-rpchandlelist' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess-rpclock' an rwsemaphore. However, the lockin...
CVE-2025-40031
In the Linux kernel, the following vulnerability has been resolved: tee: fix registershmhelper In registershmhelper, fix incorrect error handling for a call to ioviterextractpages. A case is missing for when ioviterextractpages only got some pages and return a number larger than 0, but not the...
CVE-2025-40082
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusuni2asc BUG: KASAN: slab-out-of-bounds in hfsplusuni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...
CVE-2025-40081
In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF Cast nrpages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB)...
CVE-2025-40042
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...
CVE-2025-40048
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by default in uiohvgeneric driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask b...
CVE-2025-40040
In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...
CVE-2025-40055
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in userclusterconnect userclusterdisconnect frees "conn-ccprivate" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free...
CVE-2025-40029
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platformgetresource platformgetresource returns NULL in case of failure, so check its return value and propagate the error in order to prevent NULL pointer dereference...
CVE-2025-40074
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...
CVE-2025-40057
In the Linux kernel, the following vulnerability has been resolved: ptp: Add a upper bound on maxvclocks syzbot reported WARNING in maxvclocksstore. This occurs when the argument max is too large for kcalloc to handle. Extend the guard to guard against values that are too large for kcalloc...
CVE-2025-40076
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-host: Pass proper IRQ domain to generichandledomainirq Starting with commit dd26c1a23fd5 "PCI: rcar-host: Switch to msicreateparentirqdomain", the MSI parent IRQ domain is NULL because the object of type struct...
CVE-2025-40041
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Oops1: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58, era == 90000000851b5ac0, ra =...
CVE-2025-40038
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...
CVE-2025-40078
In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...
CVE-2025-40033
In the Linux kernel, the following vulnerability has been resolved: remoteproc: pru: Fix potential NULL pointer dereference in prurprocsetctable prurprocsetctable accessed rproc-priv before the ISERRORNULL check, which could lead to a null pointer dereference. Move the pru assignment, ensuring we...
CVE-2025-40056
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copytoiter return value check The return value of copytoiter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values...
CVE-2025-40046
In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by iozcrxrecvskb adjusting desc-count for all received buffers including frag lists, but then...
CVE-2025-40054
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fsmergepagebio As JY reported in bugzilla 1, Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : 0xffffffe51d249484 f2fsiscpguaranteed+0x70/0x98 lr : 0xffffffe51d24ad...
CVE-2025-40052
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifssgsetbuf helper that converts vmalloc'd memory to their...
CVE-2025-40073
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...
CVE-2025-40072
In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mntnsfromdentry before dereferencing The function dofanotifymark does not validate if mntnsfromdentry returns NULL before dereferencing mntns-userns. This causes a NULL pointer dereference i...
CVE-2025-40061
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in dotask when draining When dotask exhausts its iteration budget (!ret), it sets the state to TASKSTATEIDLE to reschedule, without a secondary check on the current task-state. This can overwrite the...
CVE-2025-40058
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging-structure memory must...
CVE-2025-40059
In the Linux kernel, the following vulnerability has been resolved: coresight: Fix incorrect handling for return value of devmkzalloc The return value of devmkzalloc could be a null pointer, use "!desc.pdata" to fix incorrect handling return value of devmkzalloc...
CVE-2025-40079
In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current testprogs pgtable: 4K pagesize, 57-bit...
CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
CVE-2025-40037
In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...
CVE-2025-40034
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aerratelimit When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...
CVE-2025-40030
In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmuxops::getfunctionname While the API contract in docs doesn't specify it explicitly, the generic implementation of the getfunctionname callback from struct pinmuxops -...
CVE-2025-40050
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip scalar adjustment for BPFNEG if dst is a pointer In checkaluop, the verifier currently calls checkregarg and adjustscalarminmaxvals unconditionally for BPFNEG operations. However, if the destination register holds a...
CVE-2025-40047
In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...
CVE-2025-40068
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...
CVE-2025-40063
In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the cryptoacompstreams struct was made to rely on having the allocctx and...
CVE-2025-40064
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...
CVE-2025-40070
In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in ppsregistercdev when register device fail Similar to previous commit 2a934fdb01db "media: v4l2-dev: fix error handling in videoregisterdevice", the release hook should be set before deviceregister. Otherwise,...
CVE-2025-40066
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init mstalink in mt7996macstaaddlinks In order to avoid a possible NULL pointer dereference in mt7996macstainitlink routine, move the phy pointer check before running mt7996macstainitlink in...
CVE-2025-40065
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp register with valid mode bits According to the RISC-V Privileged Architecture Spec, when MODE=Bare is selected, software must write zero to the remaining fields of hgatp. We have detected the valid mode...