Description: After a cyberattack first identified about 10 days ago, Alabama's IT leaders said the "threat has been neutralized and Alabama’s core operations are safe and stable."
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37982 |
Description: In the Linux kernel, the following vulnerability has been resolved:
wifi: wl1251: fix memory leak in wl1251_tx_work
The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails
with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.
EPSS Score: 0.03%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37981 |
Description: In the Linux kernel, the following vulnerability has been resolved:
scsi: smartpqi: Use is_kdump_kernel() to check for kdump
The smartpqi driver checks the reset_devices variable to determine
whether special adjustments need to be made for kdump. This has the
effect that after a regular kexec reboot, some driver parameters such as
max_transfer_size are much lower than usual. More importantly, kexec
reboot tests have revealed memory corruption caused by the driver log
being written to system memory after a kexec.
Fix this by testing is_kdump_kernel() rather than reset_devices where
appropriate.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37980 |
Description: In the Linux kernel, the following vulnerability has been resolved:
block: fix resource leak in blk_register_queue() error path
When registering a queue fails after blk_mq_sysfs_register() is
successful but the function later encounters an error, we need
to clean up the blk_mq_sysfs resources.
Add the missing blk_mq_sysfs_unregister() call in the error path
to properly clean up these resources and prevent a memory leak.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37979 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Case values introduced in commit
5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution")
cause out of bounds access in arrays of sc7280 driver data (e.g. in case
of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()).
Redefine LPASS_MAX_PORTS to consider the maximum possible port id for
q6dsp as sc7280 driver utilizes some of those values.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37978 |
Description: In the Linux kernel, the following vulnerability has been resolved:
block: integrity: Do not call set_page_dirty_lock()
Placing multiple protection information buffers inside the same page
can lead to oopses because set_page_dirty_lock() can't be called from
interrupt context.
Since a protection information buffer is not backed by a file there is
no point in setting its page dirty; there is nothing to synchronize.
Drop the call to set_page_dirty_lock() and remove the last argument to
bio_integrity_unpin_bvec().
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37977 |
Description: In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
If dma-coherent property isn't set then descriptors are non-cacheable
and the iocc shareability bits should be disabled. Without this UFS can
end up in an incompatible configuration and suffer from random cache
related stability issues.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37975 |
Description: In the Linux kernel, the following vulnerability has been resolved:
riscv: module: Fix out-of-bounds relocation access
The current code allows rel[j] to access one element past the end of the
relocation section. Simplify to num_relocations which is equivalent to
the existing size expression.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37974 |
Description: In the Linux kernel, the following vulnerability has been resolved:
s390/pci: Fix missing check for zpci_create_device() error return
The zpci_create_device() function returns an error pointer that needs to
be checked before dereferencing it as a struct zpci_dev pointer. Add the
missing check in __clp_add() where it was missed when adding the
scan_list in the fixed commit. Simply not adding the device to the scan
list results in the previous behavior.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|
CVE-2025-37973 |
Description: In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
Currently during the multi-link element defragmentation process, the
multi-link element length is added to the total IEs length when calculating
the length of remaining IEs after the multi-link element in
cfg80211_defrag_mle(). This could lead to out-of-bounds access if the
multi-link element or its corresponding fragment elements are the last
elements in the IEs buffer.
To address this issue, correctly calculate the remaining IEs length by
deducting the multi-link element end offset from total IEs end offset.
EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
|