🐛 COMMON VULNERABILITIES AND EXPOSURES 272[−]
7 DecCVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpersInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleanedInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migrationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliableInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setupInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39789 crypto: x86/aegis - Add missing error checksInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39748 bpf: Forget ranges when refining tnum after JSETInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39805 net: macb: fix unregister_netdev call order in macb_remove()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objectsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdogInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-58354 Kata Containers coco-tdx malicious host can circumvent initdata verificationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38704 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer accessInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerabilityInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internalInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilitiesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop objectInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restartInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-46152 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-26756 md: Don't register sync_thread for reshape directlyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array sizeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi moduleInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irqInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commandsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submitInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37942 HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAXInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folioInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37870 drm/amd/display: prevent hang on link training failInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37920 xsk: Fix race condition in AF_XDP generic RX pathInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37856 btrfs: harden block_group::bg_list against list_del() racesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handlingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37822 riscv: uprobes: Add missing fence.i after building the XOL bufferInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37945 net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHYInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queueInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmapInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37747 perf: Fix hang while freeing sigtrap eventInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37750 smb: client: fix UAF in decryption with multichannelInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directlyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recoveryInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint executionInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-35794 dm-raid: really frozen sync_thread during suspendInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-56775 drm/amd/display: Fix handling of plane refcountInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57875 block: RCU protect disk->conv_zones_bitmapInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean upInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21682 eth: bnxt: always recalculate features after XDP clearing, fix null-derefInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDLInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplaceInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57857 RDMA/siw: Remove direct link to net_deviceInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capabilityInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt contextInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnelsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57974 udp: Deal with race between UDP socket address change and rehashInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57994 ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume pathInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failedInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with errorInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the poolInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplugInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42107 ice: Don't process extts if PTP is disabledInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properlyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_initInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_freeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullableInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-41008 drm/amdgpu: change vm->task_info handlingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write commandInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-40999 net: ena: Add validation for completion descriptors consistencyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42118 drm/amd/display: Do not return negative stream id for arrayInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-39478 crypto: starfive - Do not free stack bufferInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-41067 btrfs: scrub: handle RST lookup error correctlyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignmentsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38333 f2fs: fix to bail out in get_new_segment()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAXInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38426 drm/amdgpu: Add basic validation for RAS headerInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38232 NFSD: fix race between nfsd registration and exports_procInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38361 drm/amd/display: Check dce_hwseq before dereferencing itInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38264 nvme-tcp: sanitize request list handlingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38248 bridge: mcast: Fix use-after-free during router port configurationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38125 net: stmmac: make sure that ptp_rate is not 0 before configuring ESTInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_dataInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeepingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW errorInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xxInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38140 dm: limit swapping tables for devices with zone write plugsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-43899 drm/amd/display: Fix null pointer deref in dcn20_resource.cInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-43826 nfs: pass explicit offset/count to trace eventsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE loadInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if neededInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2023-26819 cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebufferInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22107 net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroyingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properlyInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdirInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass caseInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22105 bonding: check xdp prog when set bond modeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21985 drm/amd/display: Fix out-of-bound accessesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22111 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd sizeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22022 usb: xhci: Apply the link chain quirk on NEC isoc endpointsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-23131 dlm: prevent NPD when writing a positive value to event_doneInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folioInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sbInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exitInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration fileInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22121 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-22026 nfsd: don't ignore the return code of svc_proc_register()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAITInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOVInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40084 ksmbd: transport_ipc: validate payload size before reading handleInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40083 net/sched: sch_qfq: Fix null-deref in agg_dequeueInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported featuresInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-12464 Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback modeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39927 ceph: fix race condition validating r_parent before applying stateInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39901 i40e: remove read access to debugfs filesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolverInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39940 dm-stripe: fix a possible integer overflowInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-39990 bpf: Check the helper function is valid in get_helper_protoInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed workInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40001 scsi: mvsas: Fix use-after-free bugs in mvs_work_queueInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40019 crypto: essiv - Check ssize for decryption and in-place encryptionInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_cardInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mailInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40103 smb: client: Fix refcount leak for cifs_sb_tlinkInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40087 NFSD: Define a proc_layoutcommit for the FlexFiles layout typeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40096 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependenciesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40102 KVM: arm64: Prevent access to vCPU events before initInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40100 btrfs: do not assert we found block group item when creating free space treeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40105 vfs: Don't leak disconnected dentries on umountInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40099 cifs: parse_dfs_referrals: prevent oob on malformed inputInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tablesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-44951 serial: sc16is7xx: fix TX fifo corruptionInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_updateInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink portInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_metaInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collectionInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49940 l2tp: prevent possible tunnel refcount underflowInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49932 btrfs: don't readahead the relocation inode on RSTInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49893 drm/amd/display: Check stream_status before it is usedInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation failsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structureInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49920 drm/amd/display: Check null pointers before multiple usesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_tInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issueInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49968 ext4: filesystems without casefold feature cannot be mounted with siphashInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49922 drm/amd/display: Check null pointers before using themInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49971 drm/amd/display: Increase array size of dummy_booleanInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-49921 drm/amd/display: Check null pointers before usedInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated stringInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dicInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38636 rv: Use strings in da monitors tracepointsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38531 iio: common: st_sensors: Fix use of uninitialize device structsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38591 bpf: Reject narrower access to pointer ctx fieldsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38556 HID: core: Harden s32ton() against conversion to 0 bitsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2023-52485 drm/amd/display: Wake DMCUB before sending a commandInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.Information published.MSRC.MICROSOFT.COM
7 DecCVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dosInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bugInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 clientInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IOInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error pathInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_syncInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crashInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38022 RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problemInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38011 drm/amdgpu: csa unmap use uninterruptible lockInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38029 kasan: avoid sleepable page allocation from atomic contextInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38073 block: fix race between set_blocksize and read pathsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RTInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failedInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QPInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumersInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2024-7598 Network restriction bypass via race condition during namespace terminationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishmentInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM typeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiersInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs filesInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leakInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooperInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40111 drm/vmwgfx: Fix Use-after-free in validationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combinationInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grownInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warningsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40173 net/ip6_tunnel: Prevent perpetual tunnel growthInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold failsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40179 ext4: verify orphan file size is not too bigInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loopInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40207 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40200 Squashfs: reject negative file sizes in squashfs_read_inode()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40195 mount: handle NULL values in mnt_ns_release()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40178 pid: Add a judgment for ns null in pid_nr_nsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40201 kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() pathsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr updateInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh()Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressionsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40197 media: mc: Clear minor number before put deviceInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40192 Revert "ipmi: fix msg stack when IPMI is disconnected"Information published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40193 xtensa: simdisk: add input size check in proc_write_simdiskInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40204 sctp: Fix MAC comparison to be constant-timeInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-40202 ipmi: Rework user message limit handlingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-12748 Libvirt: denial of service in xml parsingInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and WriteInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-13193 Libvirt: information disclosure via world-readable vm snapshotsInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-65082 Apache HTTP Server: CGI environment variable overrideInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRFInformation published.MSRC.MICROSOFT.COM
7 DecCVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfoInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 1[−]
🔥 INCIDENT REPORTING 2[−]
7 DecInside Shanya, a packer-as-a-service fueling modern attacksThe ransomware scene gains another would-be EDR killerSOPHOS.COM
7 DecCISO's Top AI Threat: RansomwareJessica Hoffman and Sandy Dunn delve into the challenges faced by CISOs in defending against AI adversaries. Sandy highlights the persistent threat of ransomware and the emerging concerns around LLM-enabled malware, as demonstrated at DEFCON. Discover how a simple power cable can…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 3[−]
7 DecTalk: AI Coding & Cybersecurity — Why AI coding tools aren’t ready for production yet | Michele Magrisubmitted by boredsquirrel to cybersecurity 2 points | 0 comments https://www.youtube.com/watch?v=w5izvNoA3wISH.ITJUST.WORKS
7 DecHow bad is this?submitted by PriorityMotif to cybersecurity 4 points | 1 comments On a job application site for my local government it reveals if a specific social security has been used or not on that site. The site is very outdated.SH.ITJUST.WORKS
7 DecDon’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soarsubmitted by cyrano to cybersecurity 2 points | 0 comments https://www.theguardian.com/money/2025/dec/07/uk-top-20-most-used-passwords-scams-cybersecurity cross-posted from: sh.itjust.works/post/51134999 It is a hacker’s dream. Even in the face of repeated warnings to protect onl…SH.ITJUST.WORKS
📡 INFOSEC NEWS 2[−]
7 DecPortugal updates cybercrime law to exempt security researchersPortugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. [...]BLEEPINGCOMPUTER.COM
7 DecOpenAI denies rolling out ads on ChatGPT paid plansChatGPT is allegedly showing ads to those who pay $20 for the Plus subscription, but OpenAI says this is an app recommendation feature, not an ad. [...]BLEEPINGCOMPUTER.COM