CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21685
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race
Description: In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops(). This ordering can trigger a NULL pointer dereference in the serdev controller's receive_buf handler, as it assumes serdev->ops is valid when SERPORT_ACTIVE is set. This is similar to the issue fixed in commit 5e700b384ec1 ("platform/chrome: cros_ec_uart: properly fix race condition") where devm_serdev_device_open() was called before fully initializing the device. Fix the race by ensuring client ops are set before enabling the port via devm_serdev_device_open(). Note, serdev_device_set_baudrate() and serdev_device_set_flow_control() calls should be after the devm_serdev_device_open() call.

EPSS Score: 0.04%

Source: CVE
February 10th, 2025 (5 months ago)

CVE-2025-21684
gpio: xilinx: Convert gpio_lock to raw spinlock
Description: In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [ 5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.380079] other info that might help us debug this: [ 5.385138] context-{5:5} [ 5.387762] 5 locks held by kworker/u17:1/44: [ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204) [ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205) [ 5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006) [ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596) [ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614) [ 5.436472] stack backtrace: [ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G ...

EPSS Score: 0.04%

Source: CVE
February 10th, 2025 (5 months ago)

CVE-2024-57949
irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
Description: In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock() <--- Warns because interrupts are enabled This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]

EPSS Score: 0.04%

Source: CVE
February 10th, 2025 (5 months ago)
Huawei revenue growing fast, suggesting China's scoffing at sanctions
Source: TheRegister
February 10th, 2025 (5 months ago)
Handala Claims to have Breached Israel Police
Description: Handala Claims to have Breached Israel Police
Source: DarkWebInformer
February 9th, 2025 (5 months ago)
Fedora 40 : vaultwarden (2025-7fd2f66440)
Description: Nessus Plugin ID 215158 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7fd2f66440 advisory. update to 1.33.0Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected vaultwarden package. Read more at https://www.tenable.com/plugins/nessus/215158
Source: Tenable Plugins
February 9th, 2025 (5 months ago)
Fedora 41 : python3-docs / python3.13 (2025-e911f71d99)
Description: Nessus Plugin ID 215159 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-e911f71d99 advisory. Update to 3.13.2 ---- Statically build the `_datetime` module into libpython. This fixes a segfault when importing it from Python 3.13.0 updated to 3.13.1+ while running.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected python3-docs and / or python3.13 packages. Read more at https://www.tenable.com/plugins/nessus/215159
Source: Tenable Plugins
February 9th, 2025 (5 months ago)
Youthmanual - 937,912 breached accounts
Description: In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.
Source: HaveIBeenPwnedLatestBreaches
February 9th, 2025 (5 months ago)

CVE-2024-1454
Opensc: memory use after free in authentic driver when updating token info
Description: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)
Keymous Targeted the Website of Polish Police
Description: Keymous Targeted the Website of Polish Police
Source: DarkWebInformer
February 8th, 2025 (5 months ago)