security patch

A small but consequential defensive change landed in the Linux kernel’s AMD DRM display stack to eliminate a reliable kernel crash primitive: the patch adds a null check for pipe_ctx->plane_state inside dcn20_program_pipe, preventing a NULL-pointer dereference that could produce a driver oops...

A small, surgical change to the AMD display driver in the Linux kernel patched a deterministic NULL-pointer dereference that could crash systems when specific display code paths were exercised, and the fix — while tiny in code — is operationally significant because it removes a reliable...

The Linux kernel fix for CVE-2025-21786 corrects a subtle but dangerous ordering error in the workqueue cleanup path that created a use-after-free window: the patch moves the code that drops the workqueue pool reference (pwq) so it happens only after the rescuer thread has been detached from the...

A subtle NULL-pointer bug in the Linux ACPI code — tracked as CVE-2024-56782 — has been patched upstream but remains a live operational concern for many deployments because it can trigger kernel crashes and sustained denial-of-service conditions when certain local device paths are exercised...

A carefully placed mutex change in the Qualcomm MSM display driver (drm/msm/dpu) fixed a subtle — but high-impact — race that could let unprivileged code crash the kernel by toggling vblank handling from multiple threads, and the fix should be treated as a high-priority kernel update for any...

The Linux kernel has closed a small but consequential memory‑safety gap in the HFS driver: CVE‑2025‑40243 fixes a KMSAN‑reported uninitialized‑value read in hfs_find_set_zero_bits by ensuring the HFS volume bitmap is allocated zeroed (kzalloc) instead of with kmalloc, removing a source of...

A recently disclosed Linux kernel vulnerability, tracked as CVE‑2025‑40251, stems from a small but consequential oversight in devlink’s rate node teardown logic: the function devl_rate_nodes_destroy failed to clear the devlink_rate->parent pointer after decrementing the parent's reference count...

A newly disclosed Linux kernel vulnerability, tracked as CVE-2025-40219, fixes a long-standing race and locking gap in the kernel’s PCI I/O virtualization (PCI/IOV) SR-IOV code: enabling and disabling SR-IOV did not take the global PCI “rescan‑remove” serialization lock, allowing concurrent...

A small, surgical patch landed upstream this month to fix CVE-2023-53248 — a Linux kernel flaw in the AMDGPU DRM driver that could let the kernel hit a NULL dereference when waiting on page-table update fences, producing a denial-of-service condition on affected systems; the remediation is...

A critical unauthenticated data-injection flaw in Fluent Bit’s forward input plugin has been publicly cataloged as CVE-2025-12969; the bug lets an attacker who can reach a Fluent Bit forward listener send unauthenticated records by bypassing the configured security.users control, enabling forged...

A newly disclosed high‑severity vulnerability in the popular JavaScript cryptography library node‑forge (tracked as CVE‑2025‑66031) enables unbounded ASN.1 recursion that can be trivially abused to crash Node.js processes parsing untrusted DER inputs — and the fix landed quickly in node‑forge...

OpenPrinting’s CUPS received a security update on November 27–29, 2025 after a stack-based out‑of‑bounds write (CWE‑124 / CWE‑129) was found in the cupsd configuration parser that lets a local lpadmin user inject a malicious IPv6 fragment into cupsd.conf through the web UI — an input‑validation...

A new Microsoft Security Response Center advisory published on November 11, 2025, documents CVE‑2025‑59510 — a local denial‑of‑service (DoS) vulnerability in Windows Routing and Remote Access Service (RRAS) that stems from improper link resolution (symlink or "link following") before file...

Microsoft has recorded CVE-2025-62213 as a use‑after‑free elevation‑of‑privilege in the Windows Ancillary Function Driver for WinSock (afd.sys), a kernel‑mode networking component, and administrators are urged to apply the vendor's security update immediately to close a local post‑compromise...

Microsoft’s advisory for a spoofing vulnerability affecting Dynamics 365 Field Service (online) is terse, dynamically rendered in the Microsoft Security Update Guide, and — as currently available in public mirrors — leaves important technical details unconfirmed; administrators must treat the...

Microsoft has published an advisory for CVE-2025-47179, a Configuration Manager elevation‑of‑privilege issue that affects on‑premises Microsoft Configuration Manager installations and requires immediate attention from administrators responsible for management‑plane infrastructure. Overview...

Microsoft’s advisory listing for CVE-2025-62216 describes a Microsoft Office vulnerability that can result in remote code execution when a crafted Office document is processed on an endpoint — a serious finding that demands immediate, prioritized mitigation across both corporate and consumer...

The Linux kernel received a small but important defensive patch addressing CVE-2025-40033: a potential NULL-pointer dereference in the remoteproc PRU driver’s pru_rproc_set_ctable that, if triggered on an affected system, can cause a kernel oops and an availability outage. The fix is a surgical...

The Linux kernel has received a small but important defensive fix for a potential NULL‑pointer dereference in the pin control (pinctrl) subsystem: CVE‑2025‑40030 corrects a missing NULL check when calling the pinmux_ops::get_function_name callback so that a returned NULL pointer cannot be passed...

The Linux kernel received a surgical but important fix for a subtle BPF verifier bug that could cause verifier failures and kernel warnings when eBPF programs accessed an implicit padding field inside the bpf_sock_addr context; the upstream patch explicitly tightens validation in...