CVE-2025-21460 – VMware Guest VM Heap Overflow

May 6, 2025

CVE ID : CVE-2025-21460

Published : May 6, 2025, 9:15 a.m. | 1 hour, 12 minutes ago

Description : Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-21462 – QNAP QTS Memory Corruption Vulnerability

Next Article CVE-2024-49845 – Microsoft Windows FRS Memory Corruption Vulnerability

Highlights

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

May 20, 2025

CVE ID : CVE-2025-37987

Published : May 20, 2025, 6:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

pds_core: Prevent possible adminq overflow/stuck condition

The pds_core’s adminq is protected by the adminq_lock, which prevents
more than 1 command to be posted onto it at any one time. This makes it
so the client drivers cannot simultaneously post adminq commands.
However, the completions happen in a different context, which means
multiple adminq commands can be posted sequentially and all waiting
on completion.

On the FW side, the backing adminq request queue is only 16 entries
long and the retry mechanism and/or overflow/stuck prevention is
lacking. This can cause the adminq to get stuck, so commands are no
longer processed and completions are no longer sent by the FW.

As an initial fix, prevent more than 16 outstanding adminq commands so
there’s no way to cause the adminq from getting stuck. This works
because the backing adminq request queue will never have more than 16
pending adminq commands, so it will never overflow. This is done by
reducing the adminq depth to 16.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-21460 – VMware Guest VM Heap Overflow

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-46329 – Snowflake libsnowflakeclient Sensitive Information Logging

Spelloff – multiplayer first-person shooter

I recommend this $320 Lenovo tablet over the iPad for most people. Here’s why

SPFtoolbox – look up DNS records

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

Hjhhbvnbgbnvbbggnhghjg

IT Rack Setup Services in Delhi – Professional IT Infrastructure Solutions

CVE-2025-27007 – Brainstorm Force SureTriggers Privilege Escalation Vulnerability

CVE-2025-21460 – VMware Guest VM Heap Overflow

Related Posts