Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we maintain a database, in Spanish, of the latest documented and recognised vulnerabilities for anyone interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally the list will show vulnerabilities that have not yet been translated, because entries are added while the INCIBE team is still translating them. Vulnerabilities are identified by their CVE (Common Vulnerabilities and Exposures) identifier, the standard naming scheme that supports the exchange of information between different tools and databases.

Every vulnerability collected is linked to its information sources and to any patches or solutions published by the manufacturers and developers. Advanced searches are possible by selecting criteria that narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily notice of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-38440

Publication date:
25/07/2025
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race between DIM disable and net_dim()

There's a race between disabling DIM and NAPI callbacks using the dim
pointer on the RQ or SQ.

If NAPI checks the DIM state bit and sees it still set, it assumes
`rq->dim` or `sq->dim` is valid. But if DIM gets disabled right after
that check, the pointer might already be set to NULL, leading to a NULL
pointer dereference in net_dim().

Fix this by calling `synchronize_net()` before freeing the DIM context.
This ensures all in-progress NAPI callbacks are finished before the
pointer is cleared.

Kernel log:

BUG: kernel NULL pointer dereference, address: 0000000000000000
...
RIP: 0010:net_dim+0x23/0x190
...
Call Trace:

? __die+0x20/0x60
? page_fault_oops+0x150/0x3e0
? common_interrupt+0xf/0xa0
? sysvec_call_function_single+0xb/0x90
? exc_page_fault+0x74/0x130
? asm_exc_page_fault+0x22/0x30
? net_dim+0x23/0x190
? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]
? sysvec_apic_timer_interrupt+0xb/0x90
mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]
mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]
? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]
busy_poll_stop+0xa2/0x200
? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]
? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]
__napi_busy_loop+0x345/0x3b0
? sysvec_call_function_single+0xb/0x90
? asm_sysvec_call_function_single+0x16/0x20
? sysvec_apic_timer_interrupt+0xb/0x90
? pcpu_free_area+0x1e4/0x2e0
napi_busy_loop+0x11/0x20
xsk_recvmsg+0x10c/0x130
sock_recvmsg+0x44/0x70
__sys_recvfrom+0xbc/0x130
? __schedule+0x398/0x890
__x64_sys_recvfrom+0x20/0x30
do_syscall_64+0x4c/0x100
entry_SYSCALL_64_after_hwframe+0x4b/0x53
...
---[ end trace 0000000000000000 ]---
...
---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2025
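The race in the commit message above, and the reason a grace period fixes it, can be reproduced in a small cooperative model. This is an added example, not code from the kernel or the mlx5 driver: two Python functions stand in for the NAPI poll (which checks the DIM state bit, then dereferences `rq.dim`) and the DIM disable path (which clears the bit and frees the context), and a scheduler forces the interleaving that crashes. `synchronize` is an assumed stand-in for `synchronize_net()`: instead of blocking, it reports whether a reader is still inside its callback, and the fixed writer defers the free until none is.

```python
"""Cooperative model of the check-then-use race between DIM disable and
net_dim(), with the pre-fix and post-fix writer side by side.
Added illustration; not kernel code."""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Dim:
    profile: int = 0


@dataclass
class RQ:
    dim_enabled: bool = True                          # the DIM state bit
    dim: Optional[Dim] = field(default_factory=Dim)   # pointer used by net_dim()
    readers_in_flight: int = 0                        # NAPI callbacks between check and use


# Reader side: the NAPI poll, split exactly at the race window.
def napi_check(rq: RQ) -> bool:
    """Step 1: test the state bit. True means the poll goes on to use rq.dim."""
    rq.readers_in_flight += 1
    return rq.dim_enabled


def napi_use(rq: RQ) -> str:
    """Step 2: the net_dim() dereference. Returns what the kernel would do."""
    try:
        if rq.dim is None:
            return "null-deref"            # the BUG in the kernel log above
        rq.dim.profile += 1
        return "ok"
    finally:
        rq.readers_in_flight -= 1          # callback finished


# Writer side: DIM disable, before and after the fix.
def disable_unsafe(rq: RQ) -> bool:
    """Pre-fix: clear the bit and free straight away. Always completes."""
    rq.dim_enabled = False
    rq.dim = None                          # kfree() + NULL
    return True


def synchronize(rq: RQ) -> bool:
    """Stand-in for synchronize_net(): the grace period is over when no reader is in flight."""
    return rq.readers_in_flight == 0


def disable_fixed(rq: RQ) -> bool:
    """Post-fix: clear the bit, wait out in-flight readers, only then free.

    The real call blocks; this cooperative model returns False instead and the
    scheduler calls it again once the reader has left its callback."""
    rq.dim_enabled = False
    if not synchronize(rq):
        return False
    rq.dim = None
    return True


def run_worst_case(disable: Callable[[RQ], bool]) -> str:
    """Interleaving: reader checks -> writer runs -> reader uses -> writer finishes."""
    rq = RQ()
    assert napi_check(rq)                  # bit still set: reader commits to using rq.dim
    done = disable(rq)                     # disable lands inside the window
    outcome = napi_use(rq)
    if not done:
        assert disable(rq)                 # grace period over: the free happens now
    assert rq.dim is None                  # both variants end with the context freed
    return outcome


if __name__ == "__main__":
    print("before fix:", run_worst_case(disable_unsafe))   # null-deref
    print("after fix: ", run_worst_case(disable_fixed))    # ok
```

The order inside the fixed writer matters: the bit is cleared first, so any poll that starts after that point sees it clear and never touches the pointer, and the grace period only has to outlast the polls that passed the check before the clear. Waiting first and clearing the bit afterwards would leave the same window open.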

CVE-2025-38442

Publication date:
25/07/2025
In the Linux kernel, the following vulnerability has been resolved:

block: reject bs > ps block devices when THP is disabled

If THP is disabled and a block device with logical block size >
page size is present, the following null ptr deref panic happens during
boot:

[ [13.2 mK AOSAN: null-ptr-deref in range [0x0000000000000000-0x0000000000K0 0 0[07]
[ 13.017749] RIP: 0010:create_empty_buffers+0x3b/0x380

[ 13.025448] Call Trace:
[ 13.025692]
[ 13.025895] block_read_full_folio+0x610/0x780
[ 13.026379] ? __pfx_blkdev_get_block+0x10/0x10
[ 13.027008] ? __folio_batch_add_and_move+0x1fa/0x2b0
[ 13.027548] ? __pfx_blkdev_read_folio+0x10/0x10
[ 13.028080] filemap_read_folio+0x9b/0x200
[ 13.028526] ? __pfx_filemap_read_folio+0x10/0x10
[ 13.029030] ? __filemap_get_folio+0x43/0x620
[ 13.029497] do_read_cache_folio+0x155/0x3b0
[ 13.029962] ? __pfx_blkdev_read_folio+0x10/0x10
[ 13.030381] read_part_sector+0xb7/0x2a0
[ 13.030805] read_lba+0x174/0x2c0

[ 13.045348] nvme_scan_ns+0x684/0x850 [nvme_core]
[ 13.045858] ? __pfx_nvme_scan_ns+0x10/0x10 [nvme_core]
[ 13.046414] ? _raw_spin_unlock+0x15/0x40
[ 13.046843] ? __switch_to+0x523/0x10a0
[ 13.047253] ? kvm_clock_get_cycles+0x14/0x30
[ 13.047742] ? __pfx_nvme_scan_ns_async+0x10/0x10 [nvme_core]
[ 13.048353] async_run_entry_fn+0x96/0x4f0
[ 13.048787] process_one_work+0x667/0x10a0
[ 13.049219] worker_thread+0x63c/0xf60

As large folio support depends on THP, only allow bs > ps block devices
if THP is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2025
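A practitioner reading the entry above mainly wants to know whether a given host is in the rejected configuration: a block device whose logical block size (bs) exceeds the page size (ps) on a kernel built without CONFIG_TRANSPARENT_HUGEPAGE. The following check is an added example, not part of the kernel or this page: it reads the standard sysfs nodes (/sys/kernel/mm/transparent_hugepage exists only when THP is compiled in; each device exposes /sys/block/<dev>/queue/logical_block_size). The sysfs root is a parameter so the logic can also run against a constructed tree built by `demo_on_fake_sysfs`, a 16 KiB-sector NVMe namespace beside a 512-byte disk on a 4 KiB-page kernel, with no root access or real device needed.

```python
"""Find block devices with logical block size > page size on a kernel built
without THP. Added example; reads standard sysfs paths only."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def thp_compiled_in(sysfs: Path) -> bool:
    """CONFIG_TRANSPARENT_HUGEPAGE=y creates this directory; a runtime setting
    of 'never' does not remove it, and the commit above keys on the build option."""
    return (sysfs / "kernel/mm/transparent_hugepage").is_dir()


def logical_block_sizes(sysfs: Path) -> Dict[str, int]:
    """{device name: logical block size in bytes} for every device under <sysfs>/block."""
    sizes: Dict[str, int] = {}
    block = sysfs / "block"
    if not block.is_dir():
        return sizes
    for dev in sorted(block.iterdir()):
        node = dev / "queue/logical_block_size"
        if node.is_file():
            sizes[dev.name] = int(node.read_text().strip())
    return sizes


def devices_needing_thp(block_sizes: Dict[str, int], page_size: int, thp: bool) -> List[str]:
    """Devices with bs > ps; the kernel only supports them when THP is compiled in."""
    if thp:
        return []
    return sorted(name for name, bs in block_sizes.items() if bs > page_size)


def check_system(sysfs: Path = Path("/sys"), page_size: Optional[int] = None) -> List[str]:
    """Devices on this sysfs tree that hit the rejected bs > ps, no-THP combination."""
    ps = page_size if page_size is not None else os.sysconf("SC_PAGE_SIZE")
    return devices_needing_thp(logical_block_sizes(sysfs), ps, thp_compiled_in(sysfs))


def build_fake_sysfs(root: Path, block_sizes: Dict[str, int], thp: bool) -> Path:
    """Constructed sysfs tree for offline use; not a dump of any real machine."""
    for name, bs in block_sizes.items():
        queue = root / "block" / name / "queue"
        queue.mkdir(parents=True)
        (queue / "logical_block_size").write_text(f"{bs}\n")
    if thp:
        (root / "kernel/mm/transparent_hugepage").mkdir(parents=True)
    return root


def demo_on_fake_sysfs(thp: bool = False) -> List[str]:
    """Run the check on the constructed tree: nvme0n1 uses 16 KiB sectors, sda 512 bytes, page size 4 KiB."""
    with tempfile.TemporaryDirectory() as tmp:
        sysfs = build_fake_sysfs(Path(tmp), {"nvme0n1": 16384, "sda": 512}, thp)
        return check_system(sysfs, page_size=4096)


if __name__ == "__main__":
    print("constructed tree, THP off:", demo_on_fake_sysfs(False))   # ['nvme0n1']
    print("constructed tree, THP on: ", demo_on_fake_sysfs(True))    # []
    print("this machine:             ", check_system())
```

A non-empty result from `check_system()` on a live host means the device would have triggered the boot-time panic on an unfixed kernel and is refused by a fixed one; the remedy is a kernel with THP enabled, not a different block size setting on the device.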

CVE-2025-2329

Publication date:
25/07/2025
In high-traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host, causing the host to reset the RCP, which results in a denial of service.
Severity CVSS v4.0: MEDIUM
Last modification:
29/07/2025

CVE-2025-34114

Publication date:
25/07/2025
A client-side security misconfiguration vulnerability exists in the OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and Referer leakage. Although some instances attempt to enforce CSP via HTML meta tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources.
Severity CVSS v4.0: HIGH
Last modification:
29/07/2025
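The practical check for the class of issue in the OpenBlow entry above is to audit a response for the listed headers and for a CSP that lives only in a `<meta>` tag. The script below is an added example, not OpenBlow code: it takes a response's headers and HTML body (the two responses inside it are constructed for the example, not captured from any deployment) and returns findings. Its meta-tag rule encodes what browsers actually do with `<meta http-equiv="Content-Security-Policy">`: the policy is enforced, but frame-ancestors, report-uri and sandbox are ignored in it and scripts parsed before the tag are not covered, so a meta-only CSP cannot stop clickjacking and should be reported even when it is present.

```python
"""Audit an HTTP response for browser-side defence headers and for a
meta-only or inline-permitting CSP. Added example; inputs are constructed."""
import re
from typing import Dict, List

REQUIRED_HEADERS = {
    "content-security-policy": "limits scripts and resources the page may load (XSS)",
    "referrer-policy": "limits Referer leakage to third parties",
    "permissions-policy": "disables powerful browser features (camera, geolocation, ...)",
    "cross-origin-embedder-policy": "requires cross-origin resources to opt in",
    "cross-origin-resource-policy": "stops other origins loading this response",
}

# Assumes the usual attribute order (http-equiv before content) in the meta tag.
META_CSP_RE = re.compile(
    r'<meta\s[^>]*http-equiv\s*=\s*["\']content-security-policy["\']'
    r'[^>]*content\s*=\s*(?:"([^"]*)"|\'([^\']*)\')',
    re.IGNORECASE,
)


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """\"default-src 'self'; script-src 'self' 'nonce-x'\" -> {directive: [sources]}"""
    out: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def audit(headers: Dict[str, str], body: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing header {name}: {why}"
                for name, why in REQUIRED_HEADERS.items() if name not in h]

    header_csp = parse_csp(h["content-security-policy"]) if "content-security-policy" in h else None
    m = META_CSP_RE.search(body)
    meta_csp = parse_csp(m.group(1) or m.group(2) or "") if m else None

    if header_csp is None and meta_csp is not None:
        findings.append("CSP set only in <meta>: frame-ancestors, report-uri and sandbox are "
                        "ignored there and scripts parsed before the tag are not covered")

    effective = header_csp if header_csp is not None else meta_csp
    if effective is not None:
        script = effective.get("script-src", effective.get("default-src", []))
        has_nonce_or_hash = any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                                for t in script)
        if "'unsafe-inline'" in script and not has_nonce_or_hash:
            findings.append("CSP allows 'unsafe-inline' scripts with no nonce or hash, so inline XSS still runs")

    # Only a CSP *header* can carry frame-ancestors; X-Frame-Options is the legacy fallback.
    framing_blocked = (header_csp is not None and "frame-ancestors" in header_csp) or "x-frame-options" in h
    if not framing_blocked:
        findings.append("clickjacking not mitigated: no frame-ancestors in a CSP header and no X-Frame-Options")
    return findings


# Constructed responses for the example: a bare deployment with a meta-tag CSP, and a hardened one.
BARE_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Server": "nginx"}
BARE_BODY = ('<html><head><meta http-equiv="Content-Security-Policy" '
             'content="default-src \'self\'; script-src \'self\' \'unsafe-inline\'">'
             '</head><body>report form</body></html>')

HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-d41d8cd9'; "
                               "object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    "Cross-Origin-Embedder-Policy": "require-corp",
    "Cross-Origin-Resource-Policy": "same-origin",
    "Cross-Origin-Opener-Policy": "same-origin",
}

if __name__ == "__main__":
    for label, hdrs, body in (("bare", BARE_HEADERS, BARE_BODY),
                              ("hardened", HARDENED_HEADERS, "<html></html>")):
        print(f"[{label}]")
        for finding in audit(hdrs, body) or ["no findings"]:
            print("  -", finding)
```

The bare response yields eight findings (five missing headers, the meta-only CSP, the 'unsafe-inline' script policy and the unmitigated clickjacking); the hardened one yields none. The nonce value in the hardened headers is a placeholder: a real deployment generates a fresh random nonce per response and stamps it on each inline script it intends to allow.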

CVE-2025-34136

Publication date:
25/07/2025
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed. Other Commvault components deployed in the same environment are not affected.
Severity CVSS v4.0: MEDIUM
Last modification:
29/07/2025

CVE-2025-34139

Publication date:
25/07/2025
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected.
Severity CVSS v4.0: HIGH
Last modification:
12/11/2025

CVE-2025-34138

Publication date:
25/07/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.
Severity CVSS v4.0: CRITICAL
Last modification:
04/12/2025

CVE-2020-36850

Publication date:
25/07/2025
An information disclosure vulnerability exists in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user.
Severity CVSS v4.0: HIGH
Last modification:
29/07/2025

CVE-2022-4979

Publication date:
25/07/2025
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.
Severity CVSS v4.0: MEDIUM
Last modification:
29/07/2025

CVE-2024-13975

Publication date:
25/07/2025
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8.
Severity CVSS v4.0: HIGH
Last modification:
29/07/2025

CVE-2024-13976

Publication date:
25/07/2025
A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. The vulnerability has been resolved in versions 11.20.202, 11.28.124, 11.32.65, 11.34.37, and 11.36.15.
Severity CVSS v4.0: HIGH
Last modification:
29/07/2025

CVE-2014-125116

Publication date:
25/07/2025
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
Severity CVSS v4.0: CRITICAL
Last modification:
29/07/2025