CVE-2022-50452

CVE-2022-50452 describes a null-pointer dereference in the Linux kernel net:sched: cake path during cake_init() failure. If the default qdisc is cake and mqprio_init() fails, cake_reset() clears resources but q->tins remains NULL, leading to a NULL dereference in cake_dequeue_one(). The connec...

CVE-2022-50452 net: sched: cake: fix null pointer access issue when cake_init() fails

In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cakeinit fails When the default qdisc is cake, if the qdisc of devqueue fails to be inited during mqprioinit, cakereset is invoked to clear resources. In this case, the tins is...

CVE-2023-53452 wifi: rtw89: fix potential race condition between napi_init and napi_enable

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...

CVE-2023-53452

Observation: CVE-2023-53452 concerns a race condition in the Linux kernel affecting the wifi driver path for rtW89. When a netdev is registered but NAPI isn’t initialized yet, a race can occur if user space opens the netdev and enables NAPI, causing a kernel BUG at net/core/dev.c:6423 and an inva...

CVE-2023-53449 s390/dasd: Fix potential memleak in dasd_eckd_init()

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasdeckdinit dasdreservereq is allocated before dasdvolinforeq, and it also needs to be freed before the error returns, just like the other cases in this function...

CVE-2025-39903

In the Linux kernel, the following vulnerability has been resolved: ofnuma: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit ofnumaparsecpunodes nodesetni...

CVE-2025-39891

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

AZL-75122 CVE-2025-39891 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

AZL-68007 CVE-2025-39891 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

UBUNTU-CVE-2025-39891

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

UBUNTU-CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

External Initialization of Trusted Variables or Data Stores

Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are...

CVE-2025-39904 arm64: kexec: initialize kexec_buf struct in load_other_segments()

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

CVE-2025-39904

Summary: The CVE-2025-39904 issue affects the Linux kernel’s kexec path for arm64 (and riscv per the patch set). A kexec_buf structure was previously declared without full initialization, and a field added by a prior patch could be read uninitialized on some architectures, triggering UBSAN invali...

CVE-2025-39904 arm64: kexec: initialize kexec_buf struct in load_other_segments()

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

CVE-2025-39903

The CVE-2025-39903 issue affects the Linux kernel and relates to NUMA memory initialization. The root cause was that memory-only NUMA nodes (nodes without CPUs) were not properly initialized, causing a NULL pointer dereference in free_area_init when NODE_DATA() is accessed for these uninitialized...

CVE-2025-39903 of_numa: fix uninitialized memory nodes causing kernel panic

In the Linux kernel, the following vulnerability has been resolved: ofnuma: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit ofnumaparsecpunodes nodesetni...

CVE-2025-39903 of_numa: fix uninitialized memory nodes causing kernel panic

In the Linux kernel, the following vulnerability has been resolved: ofnuma: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit ofnumaparsecpunodes nodesetni...

CVE-2025-39891

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

CVE-2025-39891 wifi: mwifiex: Initialize the chan_stats array to zero

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...