Overview CVE-2025-40225 describes a critical vulnerability in the Linux kernel’s Panthor graphics driver. This flaw can lead to a kernel panic if userspace attempts to partially unmap a GPU virtual region. The issue stems from how the Panthor driver manages memory allocation during unmap operations, specifically when dealing with partial unmappings of buffer objects (BOs). A fix has been implemented in the kernel to address this vulnerability. Technical Details The vulnerability arises within the drm/panthor driver due to improper handling of memory allocation when partially unmapping GPU virtual regions, also known as drm_gpuva. The VM_BIND interface allows for partial unmapping…
-
Overview CVE-2025-40224 identifies a vulnerability within the cgbc-hwmon driver of the Linux kernel. This flaw stems from a missing NULL check after a memory allocation attempt using devm_kzalloc(). If the memory allocation fails, the subsequent dereferencing of the NULL pointer could result in a kernel crash, leading to a denial-of-service condition. A patch has been released to address this issue, adding the necessary NULL check to ensure proper error handling. Technical Details The cgbc-hwmon driver is responsible for monitoring hardware components. The vulnerability lies in how the driver handles memory allocation for sensor data. Specifically: The driver uses devm_kzalloc() to…
-
Overview CVE-2025-40223 describes a use-after-free vulnerability found within the Linux kernel’s implementation of the Media Oriented Systems Transport (MOST) interface for USB devices. This flaw exists in the hdm_disconnect() function, potentially leading to system instability or, in some scenarios, code execution. This article provides a comprehensive breakdown of the vulnerability, its technical details, potential impact, and available mitigation strategies. Technical Details The vulnerability arises from incorrect memory management within the hdm_disconnect() function, which is responsible for handling the disconnection of a MOST interface device. The sequence of events leading to the use-after-free is as follows: hdm_disconnect() calls most_deregister_interface(). most_deregister_interface() eventually…
-
Overview CVE-2025-40222 is a vulnerability identified in the Linux kernel’s SH-SCI (SuperH Serial Communication Interface) serial driver. This flaw, if triggered, can lead to a kernel panic due to an out-of-bounds memory access when handling RSCI (Reduced Serial Communication Interface) FIFO overruns. This article provides a detailed technical analysis of the vulnerability, its potential impact, and the necessary mitigation steps to secure your Linux systems. Technical Details The vulnerability lies within the error handling code for receive operations in the SH-SCI serial driver. The sci_handle_fifo_overrun() function, responsible for managing FIFO overruns, incorrectly accessed memory outside of the rsci_port_params structure when…
-
Overview A critical directory traversal vulnerability, identified as CVE-2025-65346, has been discovered in alexusmai’s laravel-file-manager version 3.3.1 and below. This vulnerability allows attackers to write arbitrary files to the server’s filesystem, potentially leading to remote code execution or data compromise. It stems from improper validation of extraction paths during the unzip/extraction process. Technical Details The vulnerability resides in the component responsible for handling archive extraction. Specifically, the application fails to adequately sanitize or validate the paths specified within the archive. An attacker can craft a malicious archive containing files with specially crafted paths (e.g., “../../../../../etc/passwd”). When laravel-file-manager extracts this archive,…
-
Overview CVE-2025-54307 details a critical path traversal vulnerability found in the Thermo Fisher Torrent Suite Django application, version 5.18.1. This vulnerability allows low-privilege authenticated users to upload arbitrary files to the server, potentially leading to remote code execution. This vulnerability arises from insufficient sanitization of filenames during file uploads via the /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints. Technical Details The vulnerability resides in the plupload_file_upload function, which handles file uploads. This function constructs the destination file path using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename string.…
-
Overview A critical remote code execution (RCE) vulnerability, identified as CVE-2025-54306, has been discovered in the Thermo Fisher Torrent Suite Django application, specifically version 5.18.1. This vulnerability allows remote attackers to execute arbitrary commands on the affected system by exploiting insufficient input validation in the network configuration functionality. Technical Details The vulnerability lies within the way the Torrent Suite handles network configuration parameters through its administrative endpoints. The application permits administrators to modify the server’s network configuration via the Django application. These configurations are then processed by Bash scripts, namely TSsetnoproxy and TSsetproxy. These scripts directly write user-controlled data to…
-
Overview CVE-2025-54305 describes a critical vulnerability discovered in the Thermo Fisher Torrent Suite Django application, specifically version 5.18.1. This vulnerability allows a local attacker to bypass authentication and gain administrative access to the system. The core issue lies within the LocalhostAuthMiddleware, which improperly authenticates users based on the REMOTE_ADDR property in the request’s META data. Technical Details The LocalhostAuthMiddleware in Torrent Suite 5.18.1 incorrectly authenticates users as ionadmin if the REMOTE_ADDR property in request.META matches one of the following IP addresses: 127.0.0.1, 127.0.1.1, or ::1 (localhost). This means any user with local access to the server hosting the Torrent Suite…
-
Overview CVE-2025-53963 describes a critical security vulnerability affecting Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. These devices are vulnerable due to the presence of a weak default password for the root account. An attacker who can reach the device’s SSH server (port 22) can exploit this flaw to gain root access and execute arbitrary code. Important Note: This vulnerability affects products that are no longer supported by the maintainer. Technical Details The Thermo Fisher Ion Torrent OneTouch 2 device runs an SSH server exposed on the default port 22. The root account utilizes a default password of ionadmin. Critically,…
-
Overview CVE-2025-40221 describes a potential vulnerability in the Linux kernel’s media subsystem, specifically within the mg4b driver. This flaw involves the possibility of leaking uninitialized stack data to userspace. A fix has been implemented to address this issue by ensuring that the scan structure is properly initialized before use, preventing the leakage of sensitive or unpredictable data. Technical Details The vulnerability stems from the fact that the scan structure within the mg4b driver might not be completely initialized before being used. This can result in parts of the structure containing leftover data from the stack. If this uninitialized structure is…