In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links() In order to avoid a possible NULL pointer dereference in mt7996_mac_sta_init_link routine, move the phy pointer check before running mt7996_mac_sta…

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal.

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race w…

In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers including frag lists, bu…

The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context…

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefb_detach_genpds() The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info by framebuffer_alloc(). This allocation is ex…

An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.

Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.

Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.