Azure Linux 3.0 Security Update: kernel (CVE-2024-49960)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49960 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37738)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37738 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38220)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38220 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data...

Azure Linux 3.0 Security Update: kernel (CVE-2024-47700)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47700 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: check stripe size compatibility on...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38222)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38222 advisory. - In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in...

CLSA-2026-1768110920 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-40186 - can:...

MiracleLinux 8 : kernel-4.18.0-513.24.1.el8_9 (AXSA:2024-7674:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7674:10 advisory. kernel: vmwgfx: NULL pointer dereference in vmwcmddxdefinequery CVE-2022-38096 kernel: Out of boundary write in perfreadgroup as result of overflow ...

MiracleLinux 8 : kernel-4.18.0-553.16.1.el8_10 (AXSA:2024-8704:25)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8704:25 advisory. kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported...

MiracleLinux 8 : e2fsprogs-1.45.4-3.el8 (AXSA:2020-302:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-302:02 advisory. e2fsprogs: crafted ext4 partition leads to out-of-bounds write CVE-2019-5094 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : e2fsprogs-1.42.9-19.el7 (AXSA:2020-637:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-637:03 advisory. e2fsprogs: Crafted ext4 partition leads to out-of-bounds write CVE-2019-5094 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c CVE-2019-5188 Tenable...

MiracleLinux 8 : kernel-4.18.0-240.el8 (AXSA:2021-1489:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1489:04 advisory. kernel: use after free in the video driver leads to local privilege escalation CVE-2019-9458 kernel: use-after-free in drivers/bluetooth/hcildisc.c...

CLSA-2026-1768775579 kernel: Fix of 49 CVEs

scsi: ses: Fix slab-out-of-bounds in sesenclosuredataprocess CVE-2023-53803 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - atm: clip: Fix infinite recursive call of clippush...

SUSE CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...

SUSE CVE-2025-71123

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parseapplysbmountoptions strscpypad can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 "string.h: Introduce memtostr and memtostrpad" provid...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49110: netfilter: conntrack: revisit gc autotuning bsc1237981. CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt bsc1238032...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004197 advisory. The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000935)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000935 advisory. The ext4zerorange function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service BUG via a crafted fallocate zero-range...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001155)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001155 advisory. The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001300 advisory. fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs- flushing-before-commit list, which allows local users to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004016)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004016 advisory. ext4protectreservedinode in fs/ext4/blockvalidity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service soft lockup via a crafted journal...