0.0
CVE-2025-68189 - drm/msm: Fix GEM free for imported dma-bufs
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix GEM free for imported dma-bufs Imported dma-bufs also have obj->resv != &obj->_resv. So we should check both this condition in addition to flags for handling the _NO_SHARE case. Fixes this splat that was reported wโฆ
5.5
CVE-2025-68228 - drm/plane: Fix create_in_format_blob() return value
In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fix create_in_format_blob() return value create_in_format_blob() is either supposed to return a valid pointer or an error, but never NULL. The caller will dereference the blob when it is not an error, and thus will oopโฆ
5.5
CVE-2025-68178 - blk-cgroup: fix possible deadlock while configuring policy
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 #1665 Not tainted ----------โฆ
6.1
CVE-2025-65589 -
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.
5.5
CVE-2025-68218 - nvme-multipath: fix lockdep WARN due to partition scan work
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix lockdep WARN due to partition scan work Blktests test cases nvme/014, 057 and 058 fail occasionally due to a lockdep WARN. As reported in the Closes tag URL, the WARN indicates that a deadlock can happen due tโฆ
7.0
CVE-2025-40353 - arm64: mte: Do not warn if the page is already tagged in copy_highpage()
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordingly. However, follโฆ
7.0
CVE-2025-68297 - ceph: fix crash in process_v2_sparse_read() for encrypted directories
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be โฆ
0.0
CVE-2025-68260 - rust_binder: fix race condition on death_list
In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is either in this //โฆ
0.0
CVE-2025-68252 - misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to the dma_buf for comparison purposes. However, this reference is never released when the function rโฆ
0.0
CVE-2025-68322 - parisc: Avoid crash due to unaligned access in unwinder
In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once+0x1c/0x5c [<1043โฆ