Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:44
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
Syzbot reports [1] an uninitialized value issue found by KMSAN in
dib3000_read_reg().
Local u8 rb[2] is used…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:43
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP
disabled can trigger the following bug, as pcpu_hot is u…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:43
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
The at_xdmac_memset_create_desc may return NULL, which will lead to a
null pointer dereference. For example, t…
High
CVSS: 7.8
Yayın: 2025-01-06 17:15:43
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: fix double free in atmel_pmecc_create_user()
The "user" pointer was converted from being allocated with kzalloc() to
being allocated by devm_kzalloc(). Calling kfree…
High
CVSS: 7.8
Yayın: 2025-01-06 17:15:42
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
The mapping VMA address is saved in VAS window struct when the
paste address is mapped. This VMA address is used duri…
High
CVSS: 7.8
Yayın: 2025-01-06 17:15:42
In the Linux kernel, the following vulnerability has been resolved:
ublk: detach gendisk from ublk device if add_disk() fails
Inside ublk_abort_requests(), gendisk is grabbed for aborting all
inflight requests. And ublk_abort_requests() is called w…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:42
In the Linux kernel, the following vulnerability has been resolved:
tracing: Prevent bad count for tracing_cpumask_write
If a large count is provided, it will trigger a warning in bitmap_parse_user.
Also check zero for it.
Unknown
CVSS: -
Yayın: 2025-01-06 17:15:41
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:41
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Clear WFE in missing-ENDBRANCH #CPs
An indirect branch instruction sets the CPU indirect branch tracker
(IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted
a…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:41
In the Linux kernel, the following vulnerability has been resolved:
PCI/MSI: Handle lack of irqdomain gracefully
Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a
RISCV platform which does not provide PCI/MSI support:
WARNIN…
High
CVSS: 7.8
Yayın: 2025-01-06 17:15:40
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when COWing tree bock and tracing is enabled
When a COWing a tree block, at btrfs_cow_block(), and we have the
tracepoint trace_btrfs_cow_block() enabled…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:40
In the Linux kernel, the following vulnerability has been resolved:
btrfs: check folio mapping after unlock in relocate_one_folio()
When we call btrfs_read_folio() to bring a folio uptodate, we unlock the
folio. The result of that is that a differe…
Medium
CVSS: 5.5
Yayın: 2025-01-06 17:15:40
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
MediaTek claim an special usb intr interface for ISO data transmission.
The interface need to be released befo…
High
CVSS: 7.5
Yayın: 2025-01-06 17:15:39
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_low…
Low
CVSS: 3.1
Yayın: 2025-01-06 17:15:38
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to se…
Medium
CVSS: 5.0
Yayın: 2025-01-06 17:15:37
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.
High
CVSS: 7.2
Yayın: 2025-01-06 17:15:14
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs.
Medium
CVSS: 5.3
Yayın: 2025-01-06 17:15:14
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper fo…
Medium
CVSS: 4.7
Yayın: 2025-01-06 17:15:14
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.
High
CVSS: 8.6
Yayın: 2025-01-06 16:15:31
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed…