availability risk

A subtle boundary-checking bug in QEMU’s paravirtual RDMA implementation — tracked as CVE-2023-1544 — can be triggered by a guest to cause an out-of-bounds read in pvrdma_ring_next_elem_read(), crashing the qemu process and producing a host-side denial-of-service that operators and cloud...

A subtle accounting error inside the OCFS2 filesystem’s Direct I/O path has been fixed as CVE-2024-42077 — a bug that could exhaust journaling transaction credits during large or heavily fragmented DIO writes and force the filesystem to abort, producing kernel panics and a complete loss of...

A subtle lifecycle bug in the Linux kernel’s PHY subsystem — tracked as CVE-2025-38149 — can cause a kernel crash when a network port is disabled and later re-enabled, and operators should treat the issue as an availability-first vulnerability that demands prompt, targeted patching and careful...

Oracle’s July 2025 Critical Patch Update disclosed a denial‑of‑service weakness in MySQL Server — tracked as CVE‑2025‑50094 — that can be triggered over the network by a high‑privilege database account to repeatedly crash or hang mysqld, producing sustained or persistent loss of availability...

A compact change in the Linux networking stack — the removal of a debug warning from the FOU/GUE receive path — landed as CVE-2024-44940 and has prompted a surprisingly broad operational conversation: a one-line silence in gue_gro_receive stopped noisy, easily‑constructed packets from triggering...

A subtle parsing bug in Google’s Protocol Buffers Java implementation (protobuf‑java and protobuf‑javalite) — tracked as CVE‑2022‑3510 — can be weaponized to produce prolonged garbage collection stalls and a practical denial‑of‑service against Java services that parse crafted messages using...

Libvirt contains a concurrency-driven null-pointer dereference in the udevConnectListAllInterfaces() path that can crash the libvirt management daemon and produce a denial‑of‑service on affected hosts; vendors and upstream have released small, surgical fixes, but the operational risk to...

A small, surgical change to the Linux kernel this spring closed a latent robustness hole in MediaTek’s PMIC input driver, but the bug and its patch underscore a repeated theme for embedded and mobile Linux users: tiny null-pointer mistakes in low-level drivers can produce outsized availability...

The Linux kernel networking scheduler received a surgical but consequential change that was recorded as CVE‑2025‑37798: maintainers removed the historical check of sch->q.qlen (the qdisc’s queue length) before calling qdisc_tree_reduce_backlog(), after first making all qlen_notify() callbacks...

A short, surgical but consequential change in the Linux kernel has been rolled back after it introduced an unexpected stability regression: maintainers reverted a patch titled "ipmi: fix msg stack when IPMI is disconnected" because the change could cause the IPMI driver to enter an infinite loop...

A recently disclosed Linux-kernel vulnerability, tracked as CVE‑2024‑43872, exposes a stability risk in the RDMA HNS (Hisilicon) driver by allowing the CPU to remain in interrupt context for too long under heavy Completion Event Queue Entry (CEQE) load — a condition that can produce sustained...

A focused, low-level kernel bug in the Qualcomm MSM DRM driver has been assigned CVE‑2025‑40247 after maintainers fixed a faulty error‑path in the page‑table preallocation cleanup that could cause a kernel NULL pointer dereference and host instability; operators who run kernels that include the...

A subtle race in the Linux block multi-queue (blk‑mq) subsystem that could cause a kernel NULL‑pointer dereference has been fixed upstream and catalogued as CVE‑2023‑53292 — a local, availability‑impacting defect that requires kernel updates or vendor-supplied backports to fully remediate...