Redhat
Monthly
In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing mux_owner NULL with active mux_usecount commit 5a3e85c3c397 ("pinmux: Use sequential access to access. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Use-after-free in the Linux kernel f2fs compression subsystem allows local authenticated attackers to achieve high confidentiality, integrity, and availability impact (CVSS 7.8). The vulnerability permits exploitation through a race condition where an inode can be freed while still referenced by asynchronous decompression work queues, leading to potential arbitrary code execution, information disclosure, or denial of service. With an EPSS score of 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains relatively low despite the high severity score.
Linux kernel f2fs file system denial of service via out-of-space panic in LFS mode allows local authenticated users to crash the system by triggering excessive block allocation during parallel asynchronous I/O operations. The vulnerability affects systems mounted with the 'mode=lfs' option and causes a kernel BUG panic in new_curseg() when foreground garbage collection is not triggered proactively during f2fs_map_blocks(). EPSS exploitation probability is low at 0.02% (4th percentile), indicating limited real-world exploitation likelihood despite CVSS 5.5 availability impact rating. Vendor-released patches are available across multiple kernel stable branches.
In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A race condition exists in the Linux kernel's packet socket implementation between the packet_set_ring() and packet_notifier() functions, where a temporary lock release allows a NETDEV_UP event to be processed while the socket is in an inconsistent state. This vulnerability affects all Linux kernel versions from 2.6.12 onwards and requires local privilege (non-root user) with moderately high attack complexity to exploit, resulting in a denial of service through resource exhaustion or system crash. The EPSS score of 0.01% indicates extremely low real-world exploitation probability despite the availability of patches and detailed technical analysis from Google security research.
In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in org.keycloak/keycloak-model-storage-service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A vulnerability was determined in cmake 4.1.20250725-gb5cce23. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.js: through 2.4.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in the Cryostat HTTP API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. Rated medium severity (CVSS 4.5). No vendor patch available.
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows unprivileged local users to trigger a kernel warning and denial of service by performing narrower-than-expected memory access to pointer context fields. The flaw exists in how the verifier handles pointer field access validation in context structures like __sk_buff, where it incorrectly permits sub-byte or misaligned reads that should be rejected. An attacker with local user privileges can craft a malicious BPF program that causes the kernel to emit a verifier warning ("verifier bug: error during ctx access conversion") and potentially crash or destabilize the system, affecting all Linux kernel versions prior to the patched releases.
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing mux_owner NULL with active mux_usecount commit 5a3e85c3c397 ("pinmux: Use sequential access to access. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Use-after-free in the Linux kernel f2fs compression subsystem allows local authenticated attackers to achieve high confidentiality, integrity, and availability impact (CVSS 7.8). The vulnerability permits exploitation through a race condition where an inode can be freed while still referenced by asynchronous decompression work queues, leading to potential arbitrary code execution, information disclosure, or denial of service. With an EPSS score of 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains relatively low despite the high severity score.
Linux kernel f2fs file system denial of service via out-of-space panic in LFS mode allows local authenticated users to crash the system by triggering excessive block allocation during parallel asynchronous I/O operations. The vulnerability affects systems mounted with the 'mode=lfs' option and causes a kernel BUG panic in new_curseg() when foreground garbage collection is not triggered proactively during f2fs_map_blocks(). EPSS exploitation probability is low at 0.02% (4th percentile), indicating limited real-world exploitation likelihood despite CVSS 5.5 availability impact rating. Vendor-released patches are available across multiple kernel stable branches.
In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A race condition exists in the Linux kernel's packet socket implementation between the packet_set_ring() and packet_notifier() functions, where a temporary lock release allows a NETDEV_UP event to be processed while the socket is in an inconsistent state. This vulnerability affects all Linux kernel versions from 2.6.12 onwards and requires local privilege (non-root user) with moderately high attack complexity to exploit, resulting in a denial of service through resource exhaustion or system crash. The EPSS score of 0.01% indicates extremely low real-world exploitation probability despite the availability of patches and detailed technical analysis from Google security research.
In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A flaw was found in org.keycloak/keycloak-model-storage-service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
vLLM is an inference and serving engine for large language models (LLMs). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
A vulnerability was determined in cmake 4.1.20250725-gb5cce23. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.js: through 2.4.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in the Cryostat HTTP API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. Rated medium severity (CVSS 4.5). No vendor patch available.
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) verifier allows unprivileged local users to trigger a kernel warning and denial of service by performing narrower-than-expected memory access to pointer context fields. The flaw exists in how the verifier handles pointer field access validation in context structures like __sk_buff, where it incorrectly permits sub-byte or misaligned reads that should be rejected. An attacker with local user privileges can craft a malicious BPF program that causes the kernel to emit a verifier warning ("verifier bug: error during ctx access conversion") and potentially crash or destabilize the system, affecting all Linux kernel versions prior to the patched releases.
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung"). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457!. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.