MATLOCK.CA
280Articles
5Categories
2025-12-07Date
πŸ›
CVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpers
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39762 drm/amd/display: add null check
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39789 crypto: x86/aegis - Add missing error checks
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39805 net: macb: fix unregister_netdev call order in macb_remove()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-58354 Kata Containers coco-tdx malicious host can circumvent initdata verification
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38705 drm/amd/pm: fix null pointer access
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38704 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-46152 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-26756 md: Don't register sync_thread for reshape directly
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37942 HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37870 drm/amd/display: prevent hang on link training fail
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37920 xsk: Fix race condition in AF_XDP generic RX path
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37822 riscv: uprobes: Add missing fence.i after building the XOL buffer
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37945 net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37747 perf: Fix hang while freeing sigtrap event
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-41932 sched: fix warning in sched_setaffinity
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21682 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57857 RDMA/siw: Remove direct link to net_device
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53090 afs: Fix lock recursion
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57994 ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42107 ice: Don't process extts if PTP is disabled
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-41008 drm/amdgpu: change vm->task_info handling
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42134 virtio-pci: Check if is_avq is NULL
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-39478 crypto: starfive - Do not free stack buffer
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38234 sched/rt: Fix race in push_rt_task
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38426 drm/amdgpu: Add basic validation for RAS header
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38232 NFSD: fix race between nfsd registration and exports_proc
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38361 drm/amd/display: Check dce_hwseq before dereferencing it
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38264 nvme-tcp: sanitize request list handling
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38248 bridge: mcast: Fix use-after-free during router port configuration
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38125 net: stmmac: make sure that ptp_rate is not 0 before configuring EST
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38311 iavf: get rid of the crit lock
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-43899 drm/amd/display: Fix null pointer deref in dcn20_resource.c
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-43826 nfs: pass explicit offset/count to trace events
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2023-26819 cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22125 md/raid1,raid10: don't ignore IO flags
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22107 net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22105 bonding: check xdp prog when set bond mode
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22111 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22022 usb: xhci: Apply the link chain quirk on NEC isoc endpoints
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22109 ax25: Remove broken autobind
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22121 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-22026 nfsd: don't ignore the return code of svc_proc_register()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2018-7159 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39981 Bluetooth: MGMT: Fix possible UAFs
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40084 ksmbd: transport_ipc: validate payload size before reading handle
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40083 net/sched: sch_qfq: Fix null-deref in agg_dequeue
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported features
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-12464 Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39901 i40e: remove read access to debugfs files
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39940 dm-stripe: fix a possible integer overflow
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40001 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40019 crypto: essiv - Check ssize for decryption and in-place encryption
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40103 smb: client: Fix refcount leak for cifs_sb_tlink
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40087 NFSD: Define a proc_layoutcommit for the FlexFiles layout type
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40096 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40100 btrfs: do not assert we found block group item when creating free space tree
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40105 vfs: Don't leak disconnected dentries on umount
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40099 cifs: parse_dfs_referrals: prevent oob on malformed input
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-38608 net/mlx5e: Fix netif state handling
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49888 bpf: Fix a sdiv overflow issue
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49893 drm/amd/display: Check stream_status before it is used
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49968 ext4: filesystems without casefold feature cannot be mounted with siphash
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49922 drm/amd/display: Check null pointers before using them
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-49921 drm/amd/display: Check null pointers before used
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38636 rv: Use strings in da monitors tracepoints
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38531 iio: common: st_sensors: Fix use of uninitialize device structs
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38556 HID: core: Harden s32ton() against conversion to 0 bits
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38584 padata: Fix pd UAF once and for all
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38022 RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38011 drm/amdgpu: csa unmap use uninterruptible lock
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38073 block: fix race between set_blocksize and read paths
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2024-7598 Network restriction bypass via race condition during namespace termination
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40111 drm/vmwgfx: Fix Use-after-free in validation
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40135 ipv6: use RCU in ip6_xmit()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40173 net/ip6_tunnel: Prevent perpetual tunnel growth
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40158 ipv6: use RCU in ip6_output()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40179 ext4: verify orphan file size is not too big
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40207 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40200 Squashfs: reject negative file sizes in squashfs_read_inode()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40195 mount: handle NULL values in mnt_ns_release()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40178 pid: Add a judgment for ns null in pid_nr_ns
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40201 kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40197 media: mc: Clear minor number before put device
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40192 Revert "ipmi: fix msg stack when IPMI is disconnected"
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40193 xtensa: simdisk: add input size check in proc_write_simdisk
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40204 sctp: Fix MAC comparison to be constant-time
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-40202 ipmi: Rework user message limit handling
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-12748 Libvirt: denial of service in xml parsing
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-13193 Libvirt: information disclosure via world-readable vm snapshots
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-65082 Apache HTTP Server: CGI environment variable override
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ›
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
MSRC.MICROSOFT.COM — 07 Dec 2025
⚠️
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
MSRC.MICROSOFT.COM — 07 Dec 2025
πŸ”₯
Inside Shanya, a packer-as-a-service fueling modern attacks
SOPHOS.COM — 07 Dec 2025
πŸ”₯
CISO's Top AI Threat: Ransomware
YOUTUBE.COM — 2025-12-07
πŸ•΅οΈ
Talk: AI Coding & Cybersecurity β€” Why AI coding tools aren’t ready for production yet | Michele Magri
SH.ITJUST.WORKS — 7 Dec 2025
πŸ•΅οΈ
How bad is this?
SH.ITJUST.WORKS — 7 Dec 2025
πŸ•΅οΈ
Don’t use β€˜admin’: UK’s top 20 most-used passwords revealed as scams soar
SH.ITJUST.WORKS — 7 Dec 2025
πŸ“‘
Portugal updates cybercrime law to exempt security researchers
BLEEPINGCOMPUTER.COM — 07 Dec 2025
πŸ“‘
OpenAI denies rolling out ads on ChatGPT paid plans
BLEEPINGCOMPUTER.COM — 07 Dec 2025