Monthly
Resource access-after-free in the Linux kernel's vfio/pci subsystem allows a local user with device access to read or corrupt PCI device resources during a race window on device shutdown, because vfio_pci_core_close_device() disabled the function before tearing down DMABUF exports. During the window the function's Memory Space Enable bit is cleared and its BARs (and their backing resources) are freed and reassignable to another driver, while stale DMABUF mappings still reference them. EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis; the upstream fix reorders cleanup to revoke DMABUF access first.
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immediately on re-entry before the skb reaches transport_finish. The skb->dev pointer is then used inside NF_HOOK and its okfn, which can race with device teardown. Remove the dev_put from the async resumption entry and instead drop the reference after the NF_HOOK call in transport_finish, using a saved device pointer since NF_HOOK may consume the skb. This covers NF_DROP, NF_QUEUE and NF_STOLEN paths that skip the okfn. For non-transport exits (decaps, gro, drop) and secondary async return points, release the reference inline when async is set.
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
hostapd fails to process crafted RADIUS packets properly. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Resource access-after-free in the Linux kernel's vfio/pci subsystem allows a local user with device access to read or corrupt PCI device resources during a race window on device shutdown, because vfio_pci_core_close_device() disabled the function before tearing down DMABUF exports. During the window the function's Memory Space Enable bit is cleared and its BARs (and their backing resources) are freed and reassignable to another driver, while stale DMABUF mappings still reference them. EPSS is low (0.14%, 4th percentile) and there is no public exploit identified at time of analysis; the upstream fix reorders cleanup to revoke DMABUF access first.
In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immediately on re-entry before the skb reaches transport_finish. The skb->dev pointer is then used inside NF_HOOK and its okfn, which can race with device teardown. Remove the dev_put from the async resumption entry and instead drop the reference after the NF_HOOK call in transport_finish, using a saved device pointer since NF_HOOK may consume the skb. This covers NF_DROP, NF_QUEUE and NF_STOLEN paths that skip the okfn. For non-transport exits (decaps, gro, drop) and secondary async return points, release the reference inline when async is set.
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
hostapd fails to process crafted RADIUS packets properly. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.