security patch

The Linux kernel CVE-2025-38173 has been assigned to a small but consequential fix in the Marvell CESA crypto driver: the kernel now explicitly handles zero‑length skcipher requests by returning 0 instead of dereferencing memory it shouldn't touch. The change is tiny in code — a defensive check...

The Linux kernel received a surgical fix for a subtle JFS bug that could trigger a shift-out-of-bounds in the dbDiscardAG routine — a condition that, if exercised on vulnerable kernels, can cause kernel instability and denial-of-service. The problem is small in code footprint but meaningful in...

FRRouting’s OSPF implementation contains a remotely triggerable NULL-pointer dereference in the show_vty_link_info path of ospf_ext.c that can crash the ospfd process and produce a network-impacting Denial of Service (DoS) when a specially crafted OSPF packet is processed—an issue tracked as...

The discovery and public assignment of CVE-2019-19317 put a spotlight on a subtle but consequential SQLite code-path involving generated columns and the query resolver’s column-usage tracking, with researchers and vendors converging on a short, surgical fix in the SQLite source tree. At a high...

Libvirt contains a concurrency-driven null-pointer dereference in the udevConnectListAllInterfaces() path that can crash the libvirt management daemon and produce a denial‑of‑service on affected hosts; vendors and upstream have released small, surgical fixes, but the operational risk to...

The Linux kernel patch for CVE-2025-37787 fixes a NULL-pointer crash in the Marvell mv88e6xxx Distributed Switch Architecture (DSA) driver by preventing attempts to unregister devlink regions that were never registered, but the practical exposure for enterprises depends on where that driver is...

A subtle arithmetic mistake in the Linux kernel’s NTFS3 driver has been fixed, closing CVE-2024-27407 — a locally exploitable buffer‑overflow vulnerability in the mi_enum_attr() routine that, if triggered on systems that mount NTFS volumes, can corrupt kernel memory, crash the host, and in the...

Arm’s Mbed TLS contained a subtle but consequential side‑channel flaw — tracked as CVE‑2020‑10941 — that allowed a privileged observer to recover RSA private key material by measuring cache usage during an import operation, and the case raises lasting lessons for developers, embedded vendors...

A null-pointer dereference in a compact C JSON library has quietly become a textbook reminder that tiny dependencies can create outsized operational risk: CVE-2024-31755 identifies a segmentation violation in cJSON v1.7.17 that can be triggered when the second parameter to cJSON_SetValuestring...

PHP’s mb_encode_mimeheader() can be weaponized to deny service: the bug tracked as CVE‑2024‑2757 causes the function to enter an endless loop when fed specially crafted header text, allowing an attacker to tie up PHP worker processes and render mail‑handling components or web endpoints...

A small, surgical change to the Linux kernel’s BPF hashtab code fixed a subtle integer‑overflow check that could be triggered on 32‑bit systems and lead to kernel instability or denial‑of‑service; the defect is tracked as CVE‑2024‑26884 and was introduced by a misplaced overflow test that ran...

A heap buffer overflow in the c-ares DNS parsing code — tracked as CVE-2020-22217 — lets a malicious name server craft an SOA reply that can crash or destabilize applications that use the vulnerable library, and in some configurations could lead to remote code execution. The bug was found in the...

Microsoft’s security advisory for CVE-2026-21255 confirms a Windows Hyper‑V vulnerability classed as a Security Feature Bypass and directs administrators to prioritize vendor-supplied updates; the public advisory is intentionally terse on exploit mechanics, so defenders must act on the vendor...

GitHub’s Copilot integration for JetBrains IDEs has been linked to a high‑severity command‑injection / remote code‑execution class flaw that can allow attacker‑controlled content to become executable on a developer’s workstation, and vendor tracking entries (including Microsoft’s Update Guide)...

Microsoft’s January 13, 2026 cumulative update for Windows 11—KB5074109—delivers a heavyweight security rollup and several quality fixes, but it also introduced at least one verified enterprise-impacting regression and a raft of community-reported compatibility problems that make careful rollout...

A high‑confidence elevation‑of‑privilege vulnerability has been recorded in the Azure Connected Machine (azcmagent) / Azure Arc agent ecosystem under CVE‑2026‑21224, touching an agent component that bridges on‑host systems with the Azure management plane — a class of flaws that can convert a...

Microsoft's security track for January 2026 includes an advisory for CVE-2026-20934, a Windows SMB Server Elevation of Privilege vulnerability that Microsoft has cataloged in the Security Update Guide. The entry identifies the affected component as the Server Message Block (SMB) Server and...

The Linux kernel received a targeted repair that closes a robustness hole in the gs_usb CAN-over-USB driver: CVE-2025-68307 fixes improper handling of failed bulk URBs in gs_usb_xmit_callback, a defect that could silently consume transmit URBs and eventually halt CAN transmission on affected...

A late probe failure in the Linux kernel’s MOST USB stack has been tracked as CVE-2025-68290 and patched after maintainers fixed a double-free and related use-after-free paths that could crash systems or, in the worst case, be abused for memory-corruption attacks. Background The vulnerability...

A heap-based buffer overflow has been disclosed in the HDF5 library that can be triggered while flushing object messages: the flaw exists in the function H5O_msg_flush in src/H5Omessage.c (tracked as CVE‑2025‑2912) and affects HDF5 releases up to and including 1.14.6. The issue can be provoked...