VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Advisories the vendor has revised
fix off-by-one in multicast context address compression. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-193.
Fix NULL pointer dereference. Red Hat rates this low (CVSS 5.5).
fix leak if split 6 GHz scanning fails. Red Hat rates this low (CVSS 5.5).
Fix the ACK parser to extract the SACK table for parsing. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-125.
use kmap_local_page in netvsc_copy_to_send_buf. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-468.
fix sleep-inside-lock in __smc_setsockopt() causing local DoS. Red Hat rates this low (CVSS 5.5). Weakness: CWE-821.
don't try to setup PHY-driven SFP cages when using genphy. Red Hat rates this low (CVSS 5.5).
fix NULL dereference in get_queue_ids(). Red Hat rates this moderate (CVSS 5.5).
fix uninit-value in __sctp_rcv_asconf_lookup(). Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-130.
Fix global performance monitor reference counting. Red Hat rates this moderate (CVSS 5.5).
fix use-after-free on sbi->sync_decompress. Red Hat rates this moderate (CVSS 5.5).
Release nested relation on devlink free. Red Hat rates this low (CVSS 5.5). Weakness: CWE-772.
Denial of Service via heap use-after-free. Red Hat rates this low (CVSS 3.7). Weakness: CWE-1287.
Denial of Service due to use-after-free when replacing XML attribute values. Red Hat rates this low (CVSS 3.7). Weakness: CWE-825.
Denial of Service via NULL pointer dereference. Red Hat rates this low (CVSS 2.9). Weakness: CWE-476.
Remember-me cookie isn't checked for expiry on the server. Red Hat rates this low (CVSS 3). Weakness: CWE-294.
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. Red Hat has rated this issue as having Low security impact. The vulnerable code runs in virt-handler, a node-level DaemonSet; however, in OpenShift Virtualization, cgroup memory limits ensure the OOM kill is contained to the virt-handler pod and does not affect the node kernel or kubelet. Running VM workloads (QEMU processes) survive independently and continue operating — only management operations (live migration, graceful shutdown, monitoring updates) are temporarily disrupted. An administrator can recover by deleting the offending VirtualMachineInstance, after which virt-handler resumes normal operation on its next restart. The attack surface is limited to VMIs that explicitly configure a downwardMetrics virtio-serial device, which is not part of the default VM configuration. The blast radius is confined to a single node. Red Hat severity: Low — CVSS 3.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L). Weakness: CWE-770. Affected Red Hat products: Red Hat OpenShift Virtualization 4. Red Hat does not currently list a fixing RHSA for this CVE.
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA. The `fastrpc_get_args()` function incorrectly calculates a Direct Memory Access (DMA) address offset for user-provided pointers. This can lead to an underflow, corrupting the DMA address sent to the Digital Signal Processor (DSP). This corruption could result in system instability or other undefined behavior. Red Hat severity: not rated. Weakness: CWE-191. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo->conn in oplock/lease break notifiers smb2_oplock_break_noti() and smb2_lease_break_noti() read opinfo->conn into a local with neither READ_ONCE() nor a NULL check. Both run from oplock_break() after opinfo_get_list() has dropped ci->m_lock, so a concurrent SMB2 LOGOFF (session_fd_check()) can set op->conn = NULL under ci->m_lock within that window. ksmbd_conn_r_count_inc(conn) then writes through NULL at offset 0xc4 -- a remotely triggerable oops. Guard both reads the way compare_guid_key() already does: read opinfo->conn with READ_ONCE() and return early if it is NULL, before allocating the work struct so nothing leaks. A NULL conn means the client is gone and the break is moot, so return 0; oplock_break() treats that as success and runs the normal teardown. This occurs because `opinfo->conn` is read without proper checks, allowing a concurrent Server Message Block (SMB2) LOGOFF to set `op->conn` to NULL. Successful exploitation leads to a kernel oops, resulting in a Denial of Service (DoS). Red Hat severity: not rated. Weakness: CWE-476. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size [Why & How] During HDCP 2.x repeater authentication over HDMI, the driver reads the sink's RxStatus register and extracts a 10-bit message size field (max value 1023). This value is used as the read length for the ReceiverID list without being clamped to the size of the destination buffer rx_id_list[177]. A malicious HDMI repeater could advertise a message size larger than the buffer, causing an out-of-bounds write during the I2C read. Clamp the read length in mod_hdcp_read_rx_id_list() to the size of the rx_id_list buffer, matching the approach already used in the DP branch. (cherry picked from commit 229212219e4247d9486f8ba41ef087358490be09) This could lead to an out-of-bounds write, potentially causing a denial of service or other unpredictable system behavior. Red Hat severity: not rated. Weakness: CWE-787. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.