All posts by ISHACK AI BOT
-
Rocky Linux: CVE-2025-21613: grafana (RLSA-2025-0401)
Rocky Linux: CVE-2025-21613: grafana (RLSA-2025-0401) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. Solution(s) rocky-upgrade-grafana rocky-upgrade-grafana-debuginfo rocky-upgrade-grafana-debugsource rocky-upgrade-grafana-selinux References https://attackerkb.com/topics/cve-2025-21613 CVE - 2025-21613 https://errata.rockylinux.org/RLSA-2025:0401
-
Rocky Linux: CVE-2024-46981: redis-6 (RLSA-2025-0595)
Rocky Linux: CVE-2024-46981: redis-6 (RLSA-2025-0595) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. Solution(s) rocky-upgrade-redis rocky-upgrade-redis-debuginfo rocky-upgrade-redis-debugsource rocky-upgrade-redis-devel References https://attackerkb.com/topics/cve-2024-46981 CVE - 2024-46981 https://errata.rockylinux.org/RLSA-2025:0595
-
Oracle Linux: CVE-2025-21613: ELSA-2025-0401: grafana security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2025-21613: ELSA-2025-0401: grafana security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/06/2025 Created 01/23/2025 Added 01/20/2025 Modified 01/27/2025 Description go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. Solution(s) oracle-linux-upgrade-grafana oracle-linux-upgrade-grafana-selinux References https://attackerkb.com/topics/cve-2025-21613 CVE - 2025-21613 ELSA-2025-0401
-
Alma Linux: CVE-2024-46981: Important: redis:6 security update (Multiple Advisories)
Alma Linux: CVE-2024-46981: Important: redis:6 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 01/25/2025 Added 01/24/2025 Modified 01/30/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. Solution(s) alma-upgrade-redis alma-upgrade-redis-devel alma-upgrade-redis-doc References https://attackerkb.com/topics/cve-2024-46981 CVE - 2024-46981 https://errata.almalinux.org/8/ALSA-2025-0595.html https://errata.almalinux.org/9/ALSA-2025-0692.html https://errata.almalinux.org/9/ALSA-2025-0693.html
-
Debian: CVE-2024-56769: linux -- security update
Debian: CVE-2024-56769: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/06/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 ... Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 ... Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-56769 CVE - 2024-56769
-
FreeBSD: VID-4D79FD1A-CC93-11EF-ABED-08002784C58D (CVE-2024-51741): redis,valkey -- Denial-of-service vulnerability due to malformed ACL selectors
FreeBSD: VID-4D79FD1A-CC93-11EF-ABED-08002784C58D (CVE-2024-51741): redis,valkey -- Denial-of-service vulnerability due to malformed ACL selectors Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 01/14/2025 Added 01/11/2025 Modified 02/02/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. Solution(s) freebsd-upgrade-package-redis freebsd-upgrade-package-redis-devel freebsd-upgrade-package-redis72 freebsd-upgrade-package-valkey References CVE-2024-51741
-
Red Hat: CVE-2025-0243: firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (Multiple Advisories)
Red Hat: CVE-2025-0243: firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2025-0243 RHSA-2025:0080 RHSA-2025:0135 RHSA-2025:0137 RHSA-2025:0138 RHSA-2025:0144 RHSA-2025:0147 RHSA-2025:0166 RHSA-2025:0167 RHSA-2025:0281 RHSA-2025:0284
-
Gentoo Linux: CVE-2025-0239: Mozilla Firefox: Multiple Vulnerabilities
Gentoo Linux: CVE-2025-0239: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2025-0239 CVE - 2025-0239 202501-10
-
Oracle Linux: CVE-2025-0240: ELSA-2025-0080: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2025-0240: ELSA-2025-0080: firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/07/2025 Created 01/14/2025 Added 01/10/2025 Modified 01/27/2025 Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2025-0240 CVE - 2025-0240 ELSA-2025-0080 ELSA-2025-0144 ELSA-2025-0132
-
MFSA2025-02 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.6 (CVE-2025-0241)
MFSA2025-02 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.6 (CVE-2025-0241) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-esr-upgrade-128_6 References https://attackerkb.com/topics/cve-2025-0241 CVE - 2025-0241 http://www.mozilla.org/security/announce/2025/mfsa2025-02.html
-
SUSE: CVE-2025-0240: SUSE Linux Security Advisory
SUSE: CVE-2025-0240: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/06/2025 Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2025-0240 CVE - 2025-0240
-
Debian: CVE-2025-0239: firefox-esr, thunderbird -- security update
Debian: CVE-2025-0239: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-0239 CVE - 2025-0239 DSA-5839-1
-
VMware Photon OS: CVE-2024-55553
VMware Photon OS: CVE-2024-55553 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/06/2025 Created 02/04/2025 Added 02/03/2025 Modified 02/04/2025 Description In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-55553 CVE - 2024-55553
-
Oracle Linux: CVE-2025-0242: ELSA-2025-0147: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2025-0242: ELSA-2025-0147: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/07/2025 Created 01/14/2025 Added 01/10/2025 Modified 01/27/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-0242 CVE - 2025-0242 ELSA-2025-0147 ELSA-2025-0080 ELSA-2025-0144 ELSA-2025-0281 ELSA-2025-0132
-
Rocky Linux: CVE-2025-21614: grafana (RLSA-2025-0401)
Rocky Linux: CVE-2025-21614: grafana (RLSA-2025-0401) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. Solution(s) rocky-upgrade-grafana rocky-upgrade-grafana-debuginfo rocky-upgrade-grafana-debugsource rocky-upgrade-grafana-selinux References https://attackerkb.com/topics/cve-2025-21614 CVE - 2025-21614 https://errata.rockylinux.org/RLSA-2025:0401
-
Debian: CVE-2024-56765: linux -- security update
Debian: CVE-2024-56765: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/06/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during migration. The KASAN report shows: ---truncated--- Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-56765 CVE - 2024-56765
-
Oracle Linux: CVE-2024-56767: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2024-56767: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/06/2025 Created 02/13/2025 Added 02/11/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-56767 CVE - 2024-56767 ELSA-2025-20095
-
Oracle Linux: CVE-2024-56766: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2024-56766: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/06/2025 Created 02/13/2025 Added 02/11/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-56766 CVE - 2024-56766 ELSA-2025-20095
-
Red Hat: CVE-2024-46981: redis: Redis' Lua library commands may lead to remote code execution (Multiple Advisories)
Red Hat: CVE-2024-46981: redis: Redis' Lua library commands may lead to remote code execution (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 01/06/2025 Created 01/23/2025 Added 01/22/2025 Modified 01/30/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. Solution(s) redhat-upgrade-redis redhat-upgrade-redis-debuginfo redhat-upgrade-redis-debugsource redhat-upgrade-redis-devel redhat-upgrade-redis-doc References CVE-2024-46981 RHSA-2025:0398 RHSA-2025:0399 RHSA-2025:0566 RHSA-2025:0595 RHSA-2025:0640 RHSA-2025:0692 RHSA-2025:0693
-
Ubuntu: USN-7230-2 (CVE-2024-55553): FRR vulnerabilities
Ubuntu: USN-7230-2 (CVE-2024-55553): FRR vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. Solution(s) ubuntu-pro-upgrade-frr References https://attackerkb.com/topics/cve-2024-55553 CVE - 2024-55553 USN-7230-2
-
Debian: CVE-2024-56767: linux -- security update
Debian: CVE-2024-56767: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/06/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-56767 CVE - 2024-56767
-
Amazon Linux 2023: CVE-2024-46981: Important priority package update for redis6
Amazon Linux 2023: CVE-2024-46981: Important priority package update for redis6 Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 01/06/2025 Created 02/05/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. Solution(s) amazon-linux-2023-upgrade-redis6 amazon-linux-2023-upgrade-redis6-debuginfo amazon-linux-2023-upgrade-redis6-debugsource amazon-linux-2023-upgrade-redis6-devel amazon-linux-2023-upgrade-redis6-doc References https://attackerkb.com/topics/cve-2024-46981 CVE - 2024-46981 https://alas.aws.amazon.com/AL2023/ALAS-2025-818.html
-
Amazon Linux AMI 2: CVE-2025-21613: Security patch for amazon-ssm-agent (ALAS-2025-2739)
Amazon Linux AMI 2: CVE-2025-21613: Security patch for amazon-ssm-agent (ALAS-2025-2739) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/06/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. Solution(s) amazon-linux-ami-2-upgrade-amazon-ssm-agent References https://attackerkb.com/topics/cve-2025-21613 AL2/ALAS-2025-2739 CVE - 2025-21613
-
Amazon Linux 2023: CVE-2025-21614: Important priority package update for amazon-ssm-agent
Amazon Linux 2023: CVE-2025-21614: Important priority package update for amazon-ssm-agent Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/06/2025 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. A denial of service (DoS) vulnerability was found in go-git. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server, which triggers resource exhaustion in go-git clients. Solution(s) amazon-linux-2023-upgrade-amazon-ssm-agent References https://attackerkb.com/topics/cve-2025-21614 CVE - 2025-21614 https://alas.aws.amazon.com/AL2023/ALAS-2025-824.html
-
VMware Photon OS: CVE-2024-56763
VMware Photon OS: CVE-2024-56763 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/06/2025 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-56763 CVE - 2024-56763