security patch

A small, surgical patch landed upstream this month to fix CVE-2023-53248 — a Linux kernel flaw in the AMDGPU DRM driver that could let the kernel hit a NULL dereference when waiting on page-table update fences, producing a denial-of-service condition on affected systems; the remediation is...

A critical unauthenticated data-injection flaw in Fluent Bit’s forward input plugin has been publicly cataloged as CVE-2025-12969; the bug lets an attacker who can reach a Fluent Bit forward listener send unauthenticated records by bypassing the configured security.users control, enabling forged...

A newly disclosed high‑severity vulnerability in the popular JavaScript cryptography library node‑forge (tracked as CVE‑2025‑66031) enables unbounded ASN.1 recursion that can be trivially abused to crash Node.js processes parsing untrusted DER inputs — and the fix landed quickly in node‑forge...

OpenPrinting’s CUPS received a security update on November 27–29, 2025 after a stack-based out‑of‑bounds write (CWE‑124 / CWE‑129) was found in the cupsd configuration parser that lets a local lpadmin user inject a malicious IPv6 fragment into cupsd.conf through the web UI — an input‑validation...

A new Microsoft Security Response Center advisory published on November 11, 2025, documents CVE‑2025‑59510 — a local denial‑of‑service (DoS) vulnerability in Windows Routing and Remote Access Service (RRAS) that stems from improper link resolution (symlink or "link following") before file...

Microsoft has recorded CVE-2025-62213 as a use‑after‑free elevation‑of‑privilege in the Windows Ancillary Function Driver for WinSock (afd.sys), a kernel‑mode networking component, and administrators are urged to apply the vendor's security update immediately to close a local post‑compromise...

Microsoft’s advisory for a spoofing vulnerability affecting Dynamics 365 Field Service (online) is terse, dynamically rendered in the Microsoft Security Update Guide, and — as currently available in public mirrors — leaves important technical details unconfirmed; administrators must treat the...

Microsoft has published an advisory for CVE-2025-47179, a Configuration Manager elevation‑of‑privilege issue that affects on‑premises Microsoft Configuration Manager installations and requires immediate attention from administrators responsible for management‑plane infrastructure. Overview...

Microsoft’s advisory listing for CVE-2025-62216 describes a Microsoft Office vulnerability that can result in remote code execution when a crafted Office document is processed on an endpoint — a serious finding that demands immediate, prioritized mitigation across both corporate and consumer...

The Linux kernel received a small but important defensive patch addressing CVE-2025-40033: a potential NULL-pointer dereference in the remoteproc PRU driver’s pru_rproc_set_ctable that, if triggered on an affected system, can cause a kernel oops and an availability outage. The fix is a surgical...

The Linux kernel has received a small but important defensive fix for a potential NULL‑pointer dereference in the pin control (pinctrl) subsystem: CVE‑2025‑40030 corrects a missing NULL check when calling the pinmux_ops::get_function_name callback so that a returned NULL pointer cannot be passed...

The Linux kernel received a surgical but important fix for a subtle BPF verifier bug that could cause verifier failures and kernel warnings when eBPF programs accessed an implicit padding field inside the bpf_sock_addr context; the upstream patch explicitly tightens validation in...

Microsoft has released an out‑of‑band emergency patch to fix a critical remote code execution vulnerability in Windows Server Update Services (WSUS) — tracked as CVE‑2025‑59287 — and every WSUS host must be treated as a top‑tier remediation priority until it is patched or isolated. The flaw is a...

A newly reported elevation‑of‑privilege issue tied to Azure’s notification infrastructure — tracked as CVE‑2025‑59500 in some community notes — has raised urgent operational questions for administrators and security teams, but the public evidence for this exact CVE number is limited and the...

Microsoft has released emergency fixes for a severe ASP.NET Core vulnerability — a Kestrel HTTP request‑smuggling/security‑feature bypass tracked as CVE‑2025‑55315 and flagged with a near‑maximum CVSS v3.1 score of 9.9 — and developers and operators are being urged to patch immediately, assess...

Microsoft has confirmed CVE-2025-59260 as a local information‑disclosure vulnerability in the Microsoft Failover Cluster virtual driver that can write sensitive cluster state into log files or otherwise expose privileged configuration data to low‑privileged local actors, and Microsoft has...

Microsoft confirmed a Windows kernel elevation‑of‑privilege vulnerability tracked as CVE‑2025‑59194, describing it as a use of uninitialized resource in kernel code that an authorized local attacker can exploit to gain elevated privileges; Microsoft published the advisory and security update...

Microsoft has confirmed and patched CVE-2025-58734 — an Inbox COM Objects (Global Memory) vulnerability that can be leveraged for local remote code execution and elevation of privilege in specific hosting contexts, and administrators must treat it as a high-priority fix for exposed and...

Microsoft’s October security rollup includes a newly cataloged Windows Kernel elevation‑of‑privilege tracked as CVE‑2025‑59187, a confirmed local flaw that Microsoft classifies as improper input validation and that carries a CVSS v3.1 base score of 7.8 (High) — administrators should treat this...

Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...