vulnerability

  1. ChatGPT

    CVE-2025-54567: QEMU SR-IOV VF Enable Write Mask Bug and Patch

    The QEMU SR-IOV implementation contains a subtle but meaningful bug: hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a logic error tracked as CVE-2025-54567 that can lead to incorrect registration/unregistration of virtual functions (VFs) and inconsistent...
  2. ChatGPT

    CVE-2025-68255: Linux rtl8723bs Stack Overflow Fix in Kernel

    A new Linux kernel CVE has been published that fixes a straightforward—but dangerous—stack buffer overflow in the Realtek staging driver rtl8723bs; the bug allows a malformed wireless Association Request to overflow a 16‑byte stack buffer when parsing the Supported Rates Information Element...
  3. ChatGPT

    CVE-2025-40355: Linux Sysfs Ownership Bug in Network Namespace Moves

    A newly assigned CVE has landed for the Linux kernel that zeroes in on a subtle sysfs ownership-check logic bug: CVE-2025-40355 addresses a condition where the kernel may attempt to change ownership of a sysfs group attribute that is not visible, triggering kernel WARN_ON traces and possible...
  4. ChatGPT

    Linux Kernel CVE-2025-40331 TOCTOU Fix in SCTP Diagnostic Path

    A recently disclosed Linux kernel vulnerability, tracked as CVE-2025-40331, closes a small but significant TOCTOU (time‑of‑check/time‑of‑use) window in the kernel’s SCTP diagnostic path to prevent an out‑of‑bounds write that can crash or destabilize affected systems. The fix is localized to...
  5. ChatGPT

    HDF5 CVE-2025-6818 Heap Overflow: Risks and Remediation for 1.14.6

    A heap-based buffer overflow has been publicly disclosed in HDF5 1.14.6 — tracked as CVE-2025-6818 — rooted in the H5O__chunk_protect routine inside src/H5Ochunk.c, creating a locally exploitable crash and potential memory‑corruption vector that defenders must treat seriously in any environment...
  6. ChatGPT

    CVE-2025-2924 HDF5 Heap Overflow Explained and Mitigation

    A heap‑buffer overflow in HDF5’s heap-list deserialization routine — H5HL__fl_deserialize in src/H5HLcache.c — was disclosed in March 2025 as CVE‑2025‑2924; the flaw can cause out‑of‑bounds reads and heap corruption when the library processes crafted .h5 files, a proof‑of‑concept was published...
  7. ChatGPT

    Microsoft Expands Bug Bounty Scope to Third Party Code and Open Source

    Microsoft has quietly rewritten the rules of engagement for vulnerability research: starting now, any critical flaw that demonstrably impacts Microsoft’s online services is eligible for a bounty — even if the vulnerable code lives in third‑party software or open‑source libraries, and even if no...
  8. ChatGPT

    CVE-2025-14523 Libsoup Host Header Mismatch and Vhost Risk

    A newly disclosed vulnerability in GNOME’s HTTP library libsoup — tracked as CVE-2025-14523 — exposes a subtle but powerful mismatch in how duplicate Host headers are handled, creating a practical vector for virtual-host confusion, cache poisoning, and request‑smuggling–style bypasses when...
  9. ChatGPT

    CVE-2025-14087: GLib GVariant Text Parser Causes Heap Corruption

    A newly assigned vulnerability, CVE‑2025‑14087, affects GLib’s GVariant text parser and can lead to heap corruption when processing specially crafted strings; the flaw stems from signed‑integer counters that can overflow and cause writes before the start of an allocated buffer, yielding crashes...
  10. ChatGPT

    GRUB2 CVE-2025-61663 Use After Free: Patch and Mitigate Now

    A newly disclosed use‑after‑free bug in the GRUB2 bootloader — tracked as CVE‑2025‑61663 — arises from a missing unregister call in the normal command module and can cause a local attacker who can invoke GRUB commands to crash the bootloader or the host, prompting immediate patching from...
  11. ChatGPT

    CVE-2025-49179: X.Org Record Extension Overflow Causes Local DoS

    A serious integer‑overflow bug in the X.Org X server’s Record extension (tracked as CVE-2025-49179) can be abused by a local client to bypass request length checks and force a denial‑of‑service against Xwayland/TigerVNC‑backed sessions, and vendors including Debian and Red Hat have published...
  12. ChatGPT

    CISA KEV Elevates GeoServer XXE Flaw CVE-2025-58360 Patch Now

    CISA has added a GeoServer XML External Entity (XXE) flaw — tracked as CVE-2025-58360 — to its Known Exploited Vulnerabilities (KEV) catalog, elevating the bug from a vendor patch notice to an operational priority for federal agencies and an urgent remediation signal for the wider community...
  13. ChatGPT

    CVE-2025-40336: Linux Kernel DRM gpusvm Partial Huge Page Mapping Bug

    The Linux kernel security community disclosed CVE-2025-40336, a vulnerability in the DRM gpusvm code that mishandles hmm_pfn_to_map_order when an HMM range partially covers a huge page; the bug could allow the kernel to map memory outside the intended range (and potentially outside the process’s...
  14. ChatGPT

    CVE-2025-62565: Patch Windows Explorer Use-After-Free to Prevent SYSTEM EoP

    Microsoft’s advisory for CVE-2025-62565 confirms a use‑after‑free bug in the Windows Shell (File Explorer) that can be triggered by an authorized local user to escalate privileges to SYSTEM; the vendor has recorded the issue in its Security Update Guide and independent trackers currently rate it...
  15. ChatGPT

    CVE-2025-62567: Hyper-V Integer Underflow DoS and Patch Guidance

    CVE-2025-62567 is a newly recorded vulnerability in Microsoft’s Hyper‑V virtualization stack that has been flagged as a Denial of Service (DoS) condition caused by an integer underflow (wrap/wraparound); the entry is listed in public trackers and in Microsoft’s Security Update Guide, but...
  16. ChatGPT

    Understanding CVE-2025-62563: Excel RCE Threats and Mitigations

    Microsoft’s advisory language and public vulnerability metrics are often shorthand for two different concerns: what an attacker can achieve and how the vulnerable code is actually invoked. That distinction lies at the heart of the current public record around CVE-2025-62563 — a Microsoft Excel...
  17. ChatGPT

    CVE-2025-40313: ntfs3 fix marks $Extend as regular files for VFS compatibility

    A new kernel fix quietly landed this week that closes a subtle NTFS metadata handling issue in the in‑kernel ntfs3 driver: CVE‑2025‑40313, described as “ntfs3: pretend $Extend records as regular files.” The change is small in code but important in principle — it corrects how the driver...
  18. ChatGPT

    Linux Bluetooth SCO UAF CVE-2025-40309: Stable patch prevents kernel crash

    A small, surgical change to the Linux Bluetooth stack closed a reproducible kernel use‑after‑free (UAF) in the SCO connection destructor — a bug that produced KASAN slab traces and host oopses and that has been tracked as CVE‑2025‑40309. The fix is narrowly scoped, straightforward to backport...
  19. ChatGPT

    Linux Kernel Info Leak Fix CVE-2025-40279 Zero Init in tc_ife connmark

    A compact but consequential Linux kernel information‑leak fix has been published under CVE‑2025‑40279: a small change in the traffic‑control connmark action (act_connmark) zero‑initializes a local struct (tc_ife / opt) in tcf_connmark_dump to stop uninitialized padding bytes from being copied...
  20. ChatGPT

    CVE-2025-38011: Azure Linux Attestation and AMDGPU Risk Explained

    Microsoft’s brief advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a categorical statement that no other Microsoft product could include the same vulnerable kernel code. Background /...