VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
4111 advisories across 32 monitored vendors.
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue() If queue entry or DMA descriptor list allocation fails in airoha_qdma_init_rx_queue routine, airoha_qdma_cleanup() will trigger a NULL pointer dereference running netif_napi_del() for RX queue NAPIs since netif_napi_add() has never been executed to this particular RX NAPI. The issue is due to the early ndesc initialization in airoha_qdma_init_rx_queue() since airoha_qdma_cleanup() relies on ndesc value to check if the queue is properly initialized. Move page_pool allocation after descriptor list allocation in order to avoid memory leaks if desc allocation fails. A flaw was found in the Linux kernel's airoha network driver. An issue with early initialization of the ndesc variable in the airoha_qdma_init_rx_queue() routine can lead to a NULL pointer dereference during cleanup. This can result in a Denial of Service (DoS) condition. Additionally, improper ordering of page pool allocation could lead to memory leaks. Red Hat severity: not rated. Weakness: CWE-476. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since the EIP93 hash algorithms are the only ones registered under those driver names and they are inherently async, the lookup is self-contradictory and always fails with -ENOENT. When called from the AEAD setkey path, this failure leaves the SA record partially initialized with zeroed digest fields.
In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove(), because the workqueue is not destroyed. 2. Driver allocates workqueue and then registers interrupt handlers with devm interface. The interrupt handler schedules work on this exact workqueue, thus if interrupt is hit in this short time window - after destroying workqueue, but before devm() frees the interrupt - the schedulled work will lead to use of freed memory. Change is not equivalent in the workqueue itself: use non-legacy API which does not set (__WQ_LEGACY | WQ_MEM_RECLAIM). The workqueue is used to update power supply (power_supply_changed()) status, thus there is no point to run it for memory reclaim. Note that dev_name() is not directly used in second argument to prevent possible unlikely parsing any "%" character in device name as format. Incorrect management of workqueues and interrupt handlers during device removal can lead to a use-after-free vulnerability. This allows for the potential use of freed memory, which could result in system instability or, in certain scenarios, arbitrary code execution. Red Hat severity: not rated. Weakness: CWE-364.
In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free issue [1]. If netc_xmit_ntmp_cmd() times out and returns an error, the pending command is not explicitly aborted, while ntmp_free_data_mem() unconditionally frees the DMA buffer. If the buffer has already been reallocated elsewhere, this may lead to silent memory corruption. Because the hardware eventually processes the pending command and perform a DMA write of the response to the physical address of the freed buffer. To resolve this issue, this patch does the following modifications: 1. Convert cbdr->ring_lock from a spinlock to a mutex The lock was originally a spinlock in case NTMP operations might be invoked from atomic context. After downstream support for all NTMP tables, no such usage has materialized. A mutex lock is now required because the driver now needs to reclaim used BDs and release associated DMA memory within the lock's context, while dma_free_coherent() might sleep. 2. Introduce software command BD (struct netc_swcbd) The hardware write-back overwrites the addr and len fields of the BD, so the driver cannot rely on the hardware BD to free the associated DMA memory. The driver now maintains a software shadow BD storing the DMA buffer pointer, DMA address, and size.
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks by comparing it with the current block number bd_blocknr. If they differ, the block is considered dead and skipped. However, bd_oblocknr should never be 0 since block 0 typically stores the primary superblock and is never a valid GC target block. A corrupted ioctl request with bd_oblocknr set to 0 causes the comparison to incorrectly match when the lookup returns -ENOENT and sets bd_blocknr to 0, bypassing the dead block check and calling nilfs_bmap_mark() on a non-existent block. This causes nilfs_btree_do_lookup() to return -ENOENT, triggering the WARN_ON(ret == -ENOENT). Fix this by rejecting ioctl requests with bd_oblocknr set to 0 at the beginning of each iteration. [ryusuke: slightly modified the commit message and comments for accuracy] A local attacker could exploit this vulnerability by sending a specially crafted input/output control (ioctl) request to the `nilfs_ioctl_mark_blocks_dirty()` function. By providing a zero block number, the attacker can bypass a critical dead block check, causing the system to attempt operations on a non-existent block. This ultimately leads to a system crash, resulting in a Denial of Service (DoS). Red Hat severity: not rated.
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconf_generic_parse_dt_pinmux() assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value in return and not NULL which lead to the crash when trying to access that (invalid) memory. Fix that by fully validating 'pinmux' value, including its length. An attacker could provide an empty 'pinmux' property, which would cause the system to crash due to invalid memory access. This could lead to a denial of service. Red Hat severity: not rated. Weakness: CWE-824. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation. It occurs because the `extension_list` and related counts are read without proper synchronization, enabling a concurrent system file system (sysfs) store operation to modify the list while it is being accessed. This inconsistency can lead to system instability or incorrect information being presented. Red Hat severity: not rated. Weakness: CWE-366. Red Hat lists Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9 as not affected.
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures from wbt_alloc() and wbt_init(). However, both are expected failure paths: - wbt_alloc() can return NULL under memory pressure (-ENOMEM) - wbt_init() can fail with -EBUSY if wbt is already registered syzbot triggers this by injecting memory allocation failures during MTD partition creation via ioctl(BLKPG), causing a spurious warning. wbt_init_enable_default() is a best-effort initialization called from blk_register_queue() with a void return type. Failure simply means the disk operates without writeback throttling, which is harmless. Replace WARN_ON_ONCE with plain if-checks, consistent with how wbt_set_lat() in the same file already handles these failures. Add a pr_warn() for the wbt_init() failure to retain diagnostic information without triggering a full stack trace. A flaw was found in the Linux kernel's block writeback throttling (blk-wbt) component. The `wbt_init_enable_default()` function used a warning mechanism (WARN_ON_ONCE) for expected failure paths during memory allocation or if writeback throttling was already registered. Red Hat severity: not rated. Weakness: CWE-544.
Use after free in AdFilter. Red Hat rates this important (CVSS 9.6). Weakness: CWE-825.
Package Import Signature Validation Bypass Allows Self-Signed Packages. Red Hat rates this important (CVSS 8.8). Weakness: CWE-347.
Integer overflow in Mojo. Red Hat rates this important (CVSS 8.7). Weakness: CWE-190.
A flaw was found in Rekor. The `Package.Unmarshal()` function, which processes Alpine Package Keep (APK) files, decompresses gzip streams without limiting the total decompressed size. A remote attacker can exploit this by crafting a malicious APK file with a high compression ratio, causing the server to consume excessive memory. This leads to a Denial of Service (DoS) through an out-of-memory (OOM) error, and can be triggered via unauthenticated API endpoints. The Alpine APK parsing logic decompresses gzip members without bounding total decompressed size, allowing a decompression bomb to cause out-of-memory conditions via unauthenticated API endpoints. This vulnerability is server-side only, affecting the Rekor server's APK entry processing. Products that import github.com/sigstore/rekor as a Go client library are not affected, as the vulnerable code path (Package.Unmarshal in pkg/types/alpine/apk.go) is only reachable through the Rekor server's HTTP API handlers. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-770. Affected Red Hat products: Red Hat Hardened Images; Red Hat Trusted Artifact Signer. Under investigation: Multicluster Engine for Kubernetes.
Remote Code Execution via NTLM Authentication Stack Buffer Overflow. Red Hat rates this important (CVSS 7.5). Weakness: CWE-120.
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if this server was compromised or a person's machine configuration was compromised, pnpm would download and install these dependencies. This vulnerability is fixed in 10.33.4 and 11.0.7. This vulnerability allows a remote attacker to serve malicious software packages if the `codeload.github.com` server is compromised or a user's machine configuration is tampered with. This could lead to the installation of unverified and potentially malicious code, resulting in arbitrary code execution on the affected system. This Important vulnerability in pnpm, as shipped in Red Hat products, exposes users to supply chain attacks by failing to verify the integrity of dependencies sourced from `codeload.github.com`. This risk is heightened in environments where developers rely on GitHub git dependencies without additional integrity checks. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-494. Affected Red Hat products: Red Hat Build of Keycloak.
pnpm is a package manager. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. This vulnerability is fixed in 10.34.0 and 11.4.0. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of legitimate project paths with symbolic links (symlinks) pointing to directories controlled by an attacker. This could enable an attacker to execute arbitrary code or manipulate project files, severely impacting the integrity and security of the project. During installation, even with `--ignore-scripts`, specially crafted dependency aliases can lead to path traversal, replacing legitimate project files with symlinks to attacker-controlled directories. This bypasses expected security measures and can compromise the integrity of a project when subsequent commands are executed. Red Hat severity: Important — CVSS 8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-22. Affected Red Hat products: Red Hat Build of Keycloak. Red Hat lists Red Hat AMQ Broker 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
pnpm is a package manager. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or delete arbitrary files on the filesystem during pnpm install, as the user running the install. The diff --git header paths containing ../../ sequences traverse out of the package directory, and the traversal is difficult to catch in code review because patch file diff headers are opaque to most reviewers. This vulnerability is fixed in 10.34.0 and 11.4.0. A flaw was found in pnpm. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrary files on the filesystem, potentially leading to arbitrary code execution or privilege escalation on the system where pnpm install is executed. This is due to insufficient path validation within the patch application pipeline, allowing directory traversal and potentially leading to arbitrary code execution or privilege escalation on the system where the installation is performed. Red Hat severity: Important — CVSS 7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H). Weakness: CWE-22. Affected Red Hat products: Red Hat Build of Keycloak.
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. This vulnerability is fixed in 10.34.0 and 11.4.0. This can lead to the execution of arbitrary code or other malicious activities on the system. This poses a significant risk in environments where both lockfile modification and registry control are possible, leading to potential arbitrary code execution. Red Hat severity: Important — CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-494. Affected Red Hat products: Red Hat Build of Keycloak. Red Hat lists Red Hat AMQ Broker 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
Unauthorized file modification via crafted package manifest. Red Hat rates this important (CVSS 7.1). Weakness: CWE-22.
pnpm is a package manager. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained matching pnpm and @pnpm/exe versions. This vulnerability is fixed in 10.34.2 and 11.5.3. This can cause pnpm to install and execute attacker-controlled code during automatic version switching. This can lead to the execution of attacker-controlled code when pnpm is used to install dependencies from such a repository, posing a significant supply chain risk. Red Hat severity: Important — CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Weakness: CWE-502. Affected Red Hat products: Red Hat Build of Keycloak. Red Hat lists Red Hat AMQ Broker 7; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency as an install-engine opt-in. During install, pnpm resolved a platform-specific @pacquet/<platform>-<arch>/pacquet binary from node_modules/.pnpm-config/<packageName> and spawned it as the developer or CI user. This vulnerability is fixed in 10.34.2 and 11.5.3. A remote attacker could exploit this vulnerability by crafting a malicious repository that declares a configDependency in its pnpm-workspace.yaml file. When a user installs packages from this repository, pnpm improperly treats the declared dependency as an install-engine opt-in, leading to the execution of a malicious binary. This allows for arbitrary code execution on the system of the developer or continuous integration (CI) user. A remote attacker could exploit this by crafting a malicious repository that, when used by a developer or CI system, leads to the execution of a malicious binary. This vulnerability arises from pnpm's improper handling of `configDependencies` declared in `pnpm-workspace.yaml`, allowing an untrusted repository to opt into a native install engine.