Monthly
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.
VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available via GitHub PR.
libsoup's SoupServer contains a use-after-free vulnerability in the soup_server_disconnect() function that prematurely frees connection objects while TLS handshakes are pending, allowing remote unauthenticated attackers to trigger a server crash via denial of service when a handshake completes after memory deallocation. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Ubuntu and Debian distributions across multiple releases. No public exploit code or active exploitation has been confirmed at the time of analysis.
The ewe Gleam web server contains an infinite loop vulnerability in the handle_trailers function that permanently wedges the BEAM process at 100% CPU when processing rejected trailer headers in chunked HTTP requests. Versions 0.8.0 through 3.0.4 are affected, and any unauthenticated remote attacker can exploit this before application code executes, making mitigation at the application level impossible. The vulnerability is patched in version 3.0.5, and while no active exploitation (KEV) or EPSS score is reported, the low attack complexity and network accessibility make this a readily exploitable denial-of-service condition.
A mongoc_bulk_operation_t may read invalid memory if large options are passed. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the GRUB2 bootloader has been identified in the normal module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, resulting in memory corruption.
Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.
VirtIO Block device driver in virtio-win fails to properly release memory during device reset, enabling a use-after-free vulnerability that allows high-privileged local attackers to corrupt kernel memory and cause system instability or denial of service. Affected versions span Red Hat Enterprise Linux 8, 9, and 10; no public exploit code or active exploitation has been identified at time of analysis, though upstream fix is available via GitHub PR.
libsoup's SoupServer contains a use-after-free vulnerability in the soup_server_disconnect() function that prematurely frees connection objects while TLS handshakes are pending, allowing remote unauthenticated attackers to trigger a server crash via denial of service when a handshake completes after memory deallocation. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Ubuntu and Debian distributions across multiple releases. No public exploit code or active exploitation has been confirmed at the time of analysis.
The ewe Gleam web server contains an infinite loop vulnerability in the handle_trailers function that permanently wedges the BEAM process at 100% CPU when processing rejected trailer headers in chunked HTTP requests. Versions 0.8.0 through 3.0.4 are affected, and any unauthenticated remote attacker can exploit this before application code executes, making mitigation at the application level impossible. The vulnerability is patched in version 3.0.5, and while no active exploitation (KEV) or EPSS score is reported, the low attack complexity and network accessibility make this a readily exploitable denial-of-service condition.
A mongoc_bulk_operation_t may read invalid memory if large options are passed. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the GRUB2 bootloader has been identified in the normal module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.
A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. No vendor patch available.