280 matches found
DEBIAN-CVE-2025-21765
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6defaultadvmss ip6defaultadvmss needs rcu protection to make sure the net structure it reads does not disappear...
DEBIAN-CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fsvfsgetlink we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier...
DEBIAN-CVE-2022-49677
In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxxinit offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...
DEBIAN-CVE-2022-49680
In the Linux kernel, the following vulnerability has been resolved: ARM: exynos: Fix refcount leak in exynosmappmu offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak. ofnodeput chec...
DEBIAN-CVE-2022-49635
In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines holeend can be small enough to cause subtraction overflow. On the other side addr + 2 minalignment can overflow in case of mock tests. This patch should handle bot...
DEBIAN-CVE-2022-49612
In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions powersupplytemp2resistsimple and powersupplyocv2capsimple handle boundary conditions incorrectly. The change was introduced in...
DEBIAN-CVE-2022-49587
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpnotsentlowat. While reading sysctltcpnotsentlowat, it can be changed concurrently. Thus, we need to add READONCE to its reader...
DEBIAN-CVE-2022-49491
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vopbind It will cause null-ptr-deref in resourcesize, if platformgetresource returns NULL, move calling resourcesize after devmioremapresource that will check 'res' to avoid...
DEBIAN-CVE-2022-49317
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid infinite loop to flush node pages xfstests/generic/475 can give EIO all the time which give an infinite loop to flush node page like below. Let's avoid it. 16418.518551 Call Trace: 16418.518553 ? dmsubmitbio+0x48/0x40...
DEBIAN-CVE-2021-47646
In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash 1 happened to be triggered in conjunction with commit 2d52c58b9c9b "block, bfq: honor already-setup queue merges". The latter was then reverted by commit...
CLSA-2025-1740230107 Fix CVE(s): CVE-2025-0395
SECURITY UPDATE: insufficient space allocation in assert function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abortmsgs struct to store the length of the message string - CVE-2025-0395...
CLSA-2025-1739812242 Fix CVE(s): CVE-2024-3596
SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 debian/control: add package Recommends to krb5-doc...
CLSA-2025-1738632064 Fix CVE(s): CVE-2024-12088
SECURITY UPDATE: path traversal vulnerability via improper symlink verification, when using the --safe-links option - debian/patches/CVE-2024-12088.patch: make --safe-links stricter - CVE-2024-12088...
CLSA-2025-1738632046 Fix CVE(s): CVE-2024-12086, CVE-2024-12087, CVE-2024-12088
SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12086.patch: fix info leak when connecting to malicious server - CVE-2024-12086 SECURITY UPDATE: arbitraty file write via inproper symlink verification - debian/patches/CVE-2024-12087.patch: fix writing...
CLSA-2025-1737569495 Fix CVE(s): CVE-2024-12085
SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12085.patch: fix issue with checksum length manipulation leading to uninitialized memory leak - CVE-2024-12085...
CLSA-2025-1737471454 Fix CVE(s): CVE-2024-12085
SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12085.patch: fix issue with checksum length manipulation leading to uninitialized memory leak - CVE-2024-12085...
DEBIAN-CVE-2024-57916
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generichandleirq with handlenestedirq...
DEBIAN-CVE-2025-22134
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visu...
DEBIAN-CVE-2024-57807
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock&instance-resetmutex; lock&shost-scanmutex; lock&instance-resetmutex;...
DEBIAN-CVE-2024-56766
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmelpmecccreateuser The "user" pointer was converted from being allocated with kzalloc to being allocated by devmkzalloc. Calling kfreeuser will lead to a double free...