CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40016
CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40013
CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59295
CVE-2025-59500 Azure Notification Service Elevation of Privilege Vulnerability
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59500
CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503
CVE-2025-59273 Azure Event Grid System Elevation of Privilege Vulnerability
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59273
CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
To comprehensively address CVE-2025-59287, Microsoft has released an out-of-band security update for the following supported versions of Windows Server: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), and Windows Server 2025. Note that a reboot will be required after you install the updates.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
CVE-2022-49635 drm/i915/selftests: fix subtraction overflow bug
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635
CVE-2022-49610 KVM: VMX: Prevent RSB underflow before vmenter
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610
CVE-2022-49562 KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562
CVE-2022-49552 bpf: Fix combination of jit blinding and pointers to bpf subprogs.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552
CVE-2022-49543 ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49543
CVE-2022-49469 btrfs: fix anon_dev leak in create_subvol()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49469
CVE-2022-49173 spi: fsi: Implement a timeout for polling status
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49173
CVE-2025-62813 LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62813
CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11411
CVE-2025-11840 GNU Binutils ldmisc.c vfinfo out-of-bounds
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11840
CVE-2025-40049 Squashfs: fix uninit-value in squashfs_get_parent
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40049
CVE-2025-40081 perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40081
CVE-2025-40048 uio_hv_generic: Let userspace take care of interrupt mask
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40048
CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40036