The Linux kernel's ftrace stack trace recording mechanism lacks proper recursion protection, allowing local users with sufficient privileges to trigger an infinite recursion loop when kernel stack trace triggers are enabled on RCU events, resulting in denial of service through system hang or crash. The vulnerability affects systems where tracing is configured to capture stack traces during RCU event monitoring. No patch is currently available to address this medium-severity defect.
Memory leak in the Linux kernel's device tree unittest module allows local users with standard privileges to cause a denial of service by exhausting system memory when the of_resolve_phandles() function fails during unit test execution. The vulnerability stems from improper resource cleanup in the unittest_data_add() function, where allocated memory is not freed on error paths. A patch is not currently available.
The Linux kernel's kmalloc_nolock() function on PREEMPT_RT systems fails to properly validate execution context before acquiring a sleeping lock, causing a kernel panic when BPF programs execute from tracepoints with preemption disabled. A local attacker with ability to run BPF programs can trigger a denial of service by causing the kernel to attempt sleeping operations in invalid contexts. No patch is currently available for this medium-severity vulnerability.
In the Linux kernel, the following vulnerability has been resolved: iommu/sva: invalidate stale IOTLB entries for kernel address space Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space.
A deadlock condition in the Linux kernel's ath12k WiFi driver occurs when management frame transmission is blocked by the wiphy lock during flush operations, causing the wireless interface to hang and preventing authentication. Local users with sufficient privileges can trigger this condition by initiating WiFi authentication while pending management frames are being flushed, resulting in a denial of service. No patch is currently available for this medium-severity vulnerability.
The Linux kernel's ARM64 hibernation resume function fails to disable Control Flow Integrity (CFI) checking, causing a data abort exception when resuming from hibernation on affected systems. A local attacker with hibernation access could trigger a denial of service by invoking the resume function without proper CFI validation. This affects Linux kernel deployments on ARM64 architecture, though no patch is currently available.
Linux kernel perf subsystem allows local authenticated users to trigger a use-after-free condition via refcount manipulation when creating perf event group members with PERF_FLAG_FD_OUTPUT flag, resulting in denial of service through kernel warnings and potential system instability. This vulnerability requires local access and existing privileges to exploit, with no patch currently available.
The Intel i225/i226 Ethernet controller driver in the Linux kernel is susceptible to TX unit hangs during heavy timestamping operations due to insufficient packet buffer allocation. A local user with low privileges can trigger denial of service by generating sustained timestamped network traffic that exhausts the 7KB per-queue TX buffer, requiring a kernel patch that reduces the buffer to 5KB per hardware specification to mitigate the hang condition.
A NULL pointer dereference in the Linux kernel's ice driver occurs when devlink reload fails and the driver is subsequently removed, affecting systems using Intel ice network adapters. A local privileged user can trigger this denial of service condition by initiating a devlink reinit operation that fails, leaving the hardware in an uninitialized state. The vulnerability stems from a missing ice_deinit_hw() call in the devlink reinit path that leaves control queues uninitialized.
Improper handling of reset and clock masking in the Linux kernel's i.MX8MQ VPU power domain controller can cause system hangs when attempting to independently reset GPU cores. Local attackers with sufficient privileges can trigger this vulnerability by manipulating VPU reset operations, leading to denial of service. A patch is not currently available.
Linux kernel ptrace operations on ARM64 systems without SME support can corrupt SVE register state, causing the kernel to enter an invalid FPSIMD configuration that triggers warnings and potential instability. A local attacker with ptrace privileges can exploit this to cause a denial of service by manipulating SVE register writes on affected systems. The vulnerability requires local access and is present on Linux systems running vulnerable kernel versions without an available patch.
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller requires maintaining a minimum clock of 52MHz in these modes.
CVE-2025-71223 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
CVE-2025-71204 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.
A null pointer dereference in the Linux kernel's mlx5e TC steering driver allows local attackers with user privileges to cause a denial of service by triggering improper flow deletion logic that attempts to access non-existent device peers. The vulnerability occurs when deleting TC flows without validating peer existence, leading to kernel crashes. No patch is currently available for this medium-severity flaw affecting Linux systems with Mellanox network drivers.
The Linux kernel amdgpu graphics driver crashes with a NULL pointer dereference on APU platforms (Raven, Renoir) when SVM page fault recovery attempts to access uninitialized interrupt ring buffers that only exist on discrete GPUs. A local authenticated attacker can trigger this denial of service by enabling retry faults on affected APUs. No patch is currently available.
The Linux kernel's octeon_ep driver fails to properly clean up allocated memory and mapped resources when the octep_ctrl_net_init() function fails during device setup, resulting in a local denial of service condition. An authenticated local attacker could trigger this memory leak by causing the initialization to fail, exhausting system memory over time. A patch is not currently available for this vulnerability.
A null pointer dereference in the Linux kernel's perf scheduler functionality causes a denial of service when handling user space stacktraces for certain kernel tasks. Local attackers with low privileges can trigger this crash by exploiting inconsistent task classification logic that fails to properly identify user versus kernel tasks. The vulnerability affects the Linux kernel with no patch currently available.
The Linux kernel's btrfs send functionality fails to validate whether file extent items are inline extents before accessing the disk_bytenr field, potentially causing invalid memory access or metadata corruption on affected systems. A local attacker with file system access could exploit this to trigger a denial of service condition through carefully crafted inline extent items. No patch is currently available for this medium-severity vulnerability.
The Linux kernel ath12k WiFi driver incorrectly frees DMA memory buffers using aligned addresses instead of the original unaligned pointers returned by dma_alloc_coherent(), potentially causing memory management errors and denial of service on systems using affected WiFi hardware. A local attacker with user privileges can trigger this vulnerability through normal WiFi driver operations, leading to system instability or crashes. No patch is currently available for this medium-severity vulnerability.
Uninitialized pointer dereferences in the Linux kernel's interconnect debugfs implementation can cause denial of service when users interact with src_node and dst_node debugfs entries. A local attacker with standard user privileges can trigger memory access violations through reads or writes to these debugfs interfaces, crashing the system or causing kernel instability. No patch is currently available for this medium-severity vulnerability.
The Linux kernel io_uring/io-wq subsystem fails to properly monitor exit signals during work execution loops, allowing a local attacker with user privileges to cause the work queue to hang indefinitely by queuing operations that take excessive time to complete. This denial of service condition prevents the io-wq worker threads from shutting down gracefully, potentially blocking system operations that depend on io_uring. No patch is currently available for this vulnerability.
A null pointer dereference in the CephFS kernel client's MDS authentication matching function (ceph_mds_auth_match()) allows local attackers with low privileges to cause a denial of service by crashing the kernel when the mds_namespace mount option is not specified. This regression affects Linux kernel versions 6.18-rc1 and later, impacting systems using CephFS with default mount configurations. No patch is currently available for this vulnerability.
A NULL pointer dereference in the Intel ice network driver's ice_vsi_set_napi_queues() function can cause a kernel crash on Linux systems during suspend/resume operations when ring queue vectors are improperly initialized. Local users with standard privileges can trigger this denial of service condition through standard power management operations like systemctl suspend. No patch is currently available for this vulnerability affecting Linux kernel v6.18 and the Intel E810 Ethernet adapter family.
GSO segmentation when forwarding GRO packets containing a frag_list. The function skb_segment_list cannot correctly process GRO skbs contains a security vulnerability.
The Linux kernel's Bluetooth MGMT subsystem fails to properly deallocate memory structures in the set_ssp_complete() function, resulting in a memory leak for each completed SSP command. A local attacker with unprivileged user access can exploit this to cause denial of service through memory exhaustion over time. No patch is currently available.
The Linux kernel's DPLL subsystem fails to prevent duplicate pin registrations, allowing callers to register the same pin multiple times and causing memory management issues during unregistration. A local attacker with unprivileged access could trigger this condition to cause a denial of service through kernel warnings or crashes. No patch is currently available for this vulnerability.
Linux kernel dirty page throttling can cause system hangs when cgroup memory limits are restrictive, as processes become stuck waiting on balance_dirty_pages() io_schedule_timeout() calls. A local user with write permissions can trigger a denial of service by exhausting dirty page limits through intensive file operations, potentially freezing the system. No patch is currently available for affected kernels prior to v6.18.
Scheduler Widget (WordPress plugin) versions up to 0.1.6. is affected by authorization bypass through user-controlled key (CVSS 5.4).
Authenticated attackers with contributor-level access to WordPress sites can bypass authorization checks in the Accordion and Accordion Slider plugin (versions up to 1.4.5) to read and modify attachment metadata across the entire site. The vulnerability exists in improper permission validation within the attachment data handling functions, allowing unauthorized access to file paths, titles, captions, alt text, and custom links. No patch is currently available.
Unauthenticated attackers can modify the CallbackKiller service widget plugin's site ID settings in WordPress versions up to 1.2 due to missing capability checks in the AJAX handler, allowing unauthorized data manipulation without authentication. The vulnerability requires no user interaction and can be exploited remotely, though no patch is currently available.
One to one user Chat by WPGuppy (WordPress plugin) is affected by missing authentication for critical function (CVSS 5.3).
The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location (wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt). This makes it possible for unauthenticated attackers to download the log file and access sensitive information including visitor IP addresses, email addresses, and comment snippets from contac...
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk_save' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to update the last modified metadata and lock the modification date of arbitrary posts, including those created by Administrators via the ...
Easy Form Builder (WordPress plugin) versions up to 3.9.3. is affected by missing authorization (CVSS 5.3).
The MailChimp Campaigns WordPress plugin through version 3.2.4 lacks proper authorization checks on an AJAX function, allowing authenticated subscribers to disconnect the site's MailChimp integration. This capability bypass enables low-privileged users to disrupt automated email campaigns and marketing workflows. No patch is currently available.
Unauthenticated attackers can modify appointment statuses in the Bookr WordPress plugin (versions up to 1.0.2) due to a missing capability check on the REST API endpoint. This allows unauthorized data manipulation without authentication or user interaction. No patch is currently available for this vulnerability.
The MP3 Audio Player plugin for WordPress versions 5.3-5.10 contains a server-side request forgery vulnerability in the lyrics loading function that allows authenticated users with author privileges to initiate arbitrary web requests from the affected server. This capability enables attackers to interact with internal services and potentially access or modify sensitive data on systems reachable from the web application.
The BFG Tools - Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `first_file` parameter in the `zip()` function. [CVSS 4.9 MEDIUM]
SQL injection in Mail Mint plugin for WordPress (versions up to 1.19.2) allows authenticated administrators to execute arbitrary SQL queries through improperly sanitized parameters in multiple API endpoints. An attacker with admin-level access could exploit insufficient input escaping on 'order-by', 'order-type', and 'selectedCourses' parameters to extract sensitive data from the WordPress database. No patch is currently available for this vulnerability.
A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.
The Linux kernel's ice driver contains a race condition in PTP (Precision Time Protocol) handling where periodic work can execute while the Virtual Station Interface (VSI) is being rebuilt, causing a NULL pointer dereference when accessing rx_rings. A local attacker with low privileges can trigger this vulnerability to cause a denial of service by crashing the kernel. No patch is currently available for this medium-severity vulnerability.
The Tegra210-QSPI driver in the Linux kernel is vulnerable to a race condition where an unprotected NULL pointer check in the interrupt handler can be exploited by a local attacker with low privileges to cause a denial of service through kernel panic. The vulnerability occurs when the timeout path clears the curr_xfer pointer while the ISR thread is simultaneously accessing it, resulting in a NULL dereference. A patch is available to resolve this issue by properly synchronizing access with spinlock protection.
A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.
The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.
A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.
A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.
AMP Enhancer plugin for WordPress versions up to 1.0.49 allows authenticated administrators to inject stored XSS payloads through the Custom CSS setting due to insufficient input sanitization, affecting multi-site installations and those with unfiltered_html disabled. An attacker with admin-level access can execute arbitrary JavaScript in the context of user browsers visiting affected pages. A security patch is not yet available.
Stored XSS in the WordPress User Language Switch plugin through the 'tab_color_picker_language_switch' parameter allows authenticated administrators to inject malicious scripts on multi-site installations or when unfiltered_html is disabled. The injected scripts execute in the context of other users accessing affected pages. This vulnerability affects all versions up to 1.6.10, with no patch currently available.
Allow HTML in Category Descriptions (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).