Total
561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47813 | 1 Bytecodealliance | 1 Wasmtime | 2025-09-29 | N/A | 2.9 LOW |
| Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of concurrent events, lead to violations of WebAssembly's control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple threads are not affected. Users that only create new modules across threads over time are additionally not affected. Reproducing this bug requires creating and dropping multiple type instances (such as `wasmtime::FuncType` or `wasmtime::ArrayType`) concurrently on multiple threads, where all types are associated with the same `wasmtime::Engine`. **Wasm guests cannot trigger this bug.** See the "References" section below for a list of Wasmtime types-related APIs that are affected. Wasmtime maintains an internal registry of types within a `wasmtime::Engine` and an engine is shareable across threads. Types can be created and referenced through creation of a `wasmtime::Module`, creation of `wasmtime::FuncType`, or a number of other APIs where the host creates a function (see "References" below). Each of these cases interacts with an engine to deduplicate type information and manage type indices that are used to implement type checks in WebAssembly's `call_indirect` function, for example. This bug is a race condition in this management where the internal type registry could be corrupted to trigger an assert or contain invalid state. Wasmtime's internal representation of a type has individual types (e.g. one-per-host-function) maintain a registration count of how many time it's been used. Types additionally have state within an engine behind a read-write lock such as lookup/deduplication information. The race here is a time-of-check versus time-of-use (TOCTOU) bug where one thread atomically decrements a type entry's registration count, observes zero registrations, and then acquires a lock in order to unregister that entry. However, between when this first thread observed the zero-registration count and when it acquires that lock, another thread could perform the following sequence of events: re-register another copy of the type, which deduplicates to that same entry, resurrecting it and incrementing its registration count; then drop the type and decrement its registration count; observe that the registration count is now zero; acquire the type registry lock; and finally unregister the type. Now, when the original thread finally acquires the lock and unregisters the entry, it is the second time this entry has been unregistered. This bug was originally introduced in Wasmtime 19's development of the WebAssembly GC proposal. This bug affects users who are not using the GC proposal, however, and affects Wasmtime in its default configuration even when the GC proposal is disabled. Wasmtime users using 19.0.0 and after are all affected by this issue. We have released the following Wasmtime versions, all of which have a fix for this bug: * 21.0.2 * 22.0.1 * 23.0.3 * 24.0.1 * 25.0.2. If your application creates and drops Wasmtime types on multiple threads concurrently, there are no known workarounds. Users are encouraged to upgrade to a patched release. | |||||
| CVE-2024-50220 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete. In addition, we may encounter an error during the fork operation that indicates that the virtual memory address space is invalidated. As a result, we should not be exposing it in any way to external machinery that might interact with the mm or VMAs, machinery that is not designed to deal with incomplete state. We specifically update the fork logic to defer khugepaged and ksm to the end of the operation and only to be invoked if no error arose, and disallow uffd from observing fork events should an error have occurred. This patch (of 2): Currently on fork we expose the virtual address space of a process to userland unconditionally if uffd is registered in VMAs, regardless of whether an error arose in the fork. This is performed in dup_userfaultfd_complete() which is invoked unconditionally, and performs two duties - invoking registered handlers for the UFFD_EVENT_FORK event via dup_fctx(), and clearing down userfaultfd_fork_ctx objects established in dup_userfaultfd(). This is problematic, because the virtual address space may not yet be correctly initialised if an error arose. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. We address this by, on fork error, ensuring that we roll back state that we would otherwise expect to clean up through the event being handled by userland and perform the memory freeing duty otherwise performed by dup_userfaultfd_complete(). We do this by implementing a new function, dup_userfaultfd_fail(), which performs the same loop, only decrementing reference counts. Note that we perform mmgrab() on the parent and child mm's, however userfaultfd_ctx_put() will mmdrop() this once the reference count drops to zero, so we will avoid memory leaks correctly here. | |||||
| CVE-2023-3891 | 1 Lapce | 1 Lapce | 2025-09-25 | N/A | 7.3 HIGH |
| Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system | |||||
| CVE-2025-23359 | 2 Linux, Nvidia | 3 Linux Kernel, Nvidia Container Toolkit, Nvidia Gpu Operator | 2025-09-25 | N/A | 8.3 HIGH |
| NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-47290 | 1 Linuxfoundation | 1 Containerd | 2025-09-19 | N/A | 5.9 MEDIUM |
| containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. | |||||
| CVE-2025-55236 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-12 | N/A | 7.3 HIGH |
| Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | |||||
| CVE-2024-2440 | 1 Github | 1 Enterprise Server | 2025-09-02 | N/A | 5.5 MEDIUM |
| A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.9.13, 3.10.10, 3.11.8 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | |||||
| CVE-2025-3599 | 1 Broadcom | 2 Symantec Endpoint Protection, Symantec Eraser Engine | 2025-08-21 | N/A | 6.5 MEDIUM |
| Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user. | |||||
| CVE-2024-43067 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | |||||
| CVE-2025-21485 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2024-53018 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing the OIS packet parser. | |||||
| CVE-2024-53016 | 1 Qualcomm | 68 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 65 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while processing I2C settings in Camera driver. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2025-54655 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.1 HIGH |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. | |||||
| CVE-2024-41787 | 1 Ibm | 1 Doors Next | 2025-08-20 | N/A | 9.8 CRITICAL |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 5.5 MEDIUM |
| Information disclosure may be there when a guest VM is connected. | |||||
| CVE-2025-53134 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-19 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-21473 | 1 Qualcomm | 12 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 9 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption when using Virtual cdm (Camera Data Mover) to write registers. | |||||
| CVE-2025-27076 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
| Memory corruption while processing simultaneous requests via escape path. | |||||