Overview
CVE-2025-40222 is a vulnerability identified in the Linux kernel’s SH-SCI (SuperH Serial Communication Interface) serial driver. This flaw, if triggered, can lead to a kernel panic due to an out-of-bounds memory access when handling RSCI (Reduced Serial Communication Interface) FIFO overruns. This article provides a detailed technical analysis of the vulnerability, its potential impact, and the necessary mitigation steps to secure your Linux systems.

Technical Details
The vulnerability lies within the error handling code for receive operations in the SH-SCI serial driver. The sci_handle_fifo_overrun() function, responsible for managing FIFO overruns, incorrectly accessed memory outside of the rsci_port_params structure when…

Overview
A critical directory traversal vulnerability, identified as CVE-2025-65346, has been discovered in alexusmai’s laravel-file-manager version 3.3.1 and below. This vulnerability allows attackers to write arbitrary files to the server’s filesystem, potentially leading to remote code execution or data compromise. It stems from improper validation of extraction paths during the unzip/extraction process.

Technical Details
The vulnerability resides in the component responsible for handling archive extraction. Specifically, the application fails to adequately sanitize or validate the paths specified within the archive. An attacker can craft a malicious archive containing files with specially crafted paths (e.g., “../../../../../etc/passwd”). When laravel-file-manager extracts this archive,…

Overview
CVE-2025-54307 details a critical path traversal vulnerability found in the Thermo Fisher Torrent Suite Django application, version 5.18.1. This vulnerability allows low-privilege authenticated users to upload arbitrary files to the server, potentially leading to remote code execution. It arises from insufficient sanitization of filenames during file uploads via the /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints.

Technical Details
The vulnerability resides in the plupload_file_upload function, which handles file uploads. This function constructs the destination file path using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename string.…

Overview
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-54306, has been discovered in the Thermo Fisher Torrent Suite Django application, specifically version 5.18.1. This vulnerability allows remote attackers to execute arbitrary commands on the affected system by exploiting insufficient input validation in the network configuration functionality.

Technical Details
The vulnerability lies within the way the Torrent Suite handles network configuration parameters through its administrative endpoints. The application permits administrators to modify the server’s network configuration via the Django application. These configurations are then processed by Bash scripts, namely TSsetnoproxy and TSsetproxy. These scripts directly write user-controlled data to…

Overview
CVE-2025-54305 describes a critical vulnerability discovered in the Thermo Fisher Torrent Suite Django application, specifically version 5.18.1. This vulnerability allows a local attacker to bypass authentication and gain administrative access to the system. The core issue lies within the LocalhostAuthMiddleware, which improperly authenticates users based on the REMOTE_ADDR property in the request’s META data.

Technical Details
The LocalhostAuthMiddleware in Torrent Suite 5.18.1 incorrectly authenticates users as ionadmin if the REMOTE_ADDR property in request.META matches one of the following IP addresses: 127.0.0.1, 127.0.1.1, or ::1 (localhost). This means any user with local access to the server hosting the Torrent Suite…

Overview
CVE-2025-53963 describes a critical security vulnerability affecting Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. These devices are vulnerable due to the presence of a weak default password for the root account. An attacker who can reach the device’s SSH server (port 22) can exploit this flaw to gain root access and execute arbitrary code. Important Note: This vulnerability affects products that are no longer supported by the maintainer.

Technical Details
The Thermo Fisher Ion Torrent OneTouch 2 device runs an SSH server exposed on the default port 22. The root account utilizes a default password of ionadmin. Critically,…

Overview
CVE-2025-40221 describes a potential vulnerability in the Linux kernel’s media subsystem, specifically within the mg4b driver. This flaw involves the possibility of leaking uninitialized stack data to userspace. A fix has been implemented to address this issue by ensuring that the scan structure is properly initialized before use, preventing the leakage of sensitive or unpredictable data.

Technical Details
The vulnerability stems from the fact that the scan structure within the mg4b driver might not be completely initialized before being used. This can result in parts of the structure containing leftover data from the stack. If this uninitialized structure is…

This article provides a detailed analysis of CVE-2025-40220, a vulnerability found in the Linux kernel’s fuse (Filesystem in Userspace) implementation. This issue can lead to a livelock situation, particularly when using fuseblk workers. We’ll explore the technical details, potential impact, and steps to mitigate this vulnerability.

Overview
CVE-2025-40220 identifies a flaw in the way the Linux kernel handles file puts within the fuse subsystem, specifically when dealing with asynchronous I/O (AIO) operations in conjunction with fuseblk. This can result in a scenario where fuse server threads become stuck waiting for responses from themselves, effectively halting operations.

Technical Details
The vulnerability…

A critical race condition vulnerability, identified as CVE-2025-40219, has been discovered and resolved in the Linux kernel’s PCI/IOV (Input/Output Virtualization) Single Root I/O Virtualization (SR-IOV) implementation. This flaw could lead to double remove and list corruption, particularly affecting systems running on the s390 architecture.

Overview
CVE-2025-40219 stems from a lack of proper locking mechanisms during the enabling and disabling of SR-IOV virtual functions (VFs). Specifically, when disabling SR-IOV through config space accesses to the parent Physical Function (PF), the `sriov_disable()` function removes PCI devices representing the VFs. The absence of the `pci_rescan_remove_lock` during this process allows for concurrent removal and…

Overview
CVE-2025-40218 describes a vulnerability in the Linux kernel’s DAMON (Data Access Monitoring) subsystem. Specifically, the issue resided in the virtual address space operation set implementation (vaddr) of DAMON. An infinite loop could occur during page table walks when `pte_offset_map_lock()` continuously failed due to a pmd migration entry. This could lead to a soft lockup, particularly when CPU hotplugging and DAMON were running concurrently. A patch has been implemented to prevent this infinite loop by avoiding retries of the page table walk in case of failure.

Technical Details
The DAMON vaddr implementation uses `pte_offset_map_lock()` to read and write page table…