drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`

...

TencentOS Server 4: kernel (TSSA-2025:0432)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0432 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

kernel: tls: make sure to abort the stream if headers are bogus

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

CVE-2025-39881 affecting package kernel for versions less than 6.6.112.1-1

CVE-2025-39881 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-990923)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990923 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add condresched in getswappages The softlockup still occurs in getswappages under...

drm/vmwgfx: Fix Use-after-free in validation

...

EUVD-2025-150370

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

SUSE SLES15 Security Update : kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2025:4059-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4059-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.150 fixes various security issues The following security issues were fixed: ...

SUSE SLES15 Security Update : kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2025:4043-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4043-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.83 fixes various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : kernel (Live Patch 14 for SLE 15 SP6) (SUSE-SU-2025:4063-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4063-1 advisory. This update for the Linux Kernel 6.4.0-1506002365 fixes several issues. The following security issues were fixed: - CVE-2025-38664: ice: Fix a...

EUVD-2025-124954

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth, zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2...

CVE-2025-40152 drm/msm: Fix bootup splat with separate_gpu_drm modparam

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix bootup splat with separategpudrm modparam The drmgemforeachgpuvmbo call from lookupvma accesses drmgemobj.gpuva.list, which is not initialized when the drm driver does not support DRIVERGEMGPUVA feature. Enable it fo...

CVE-2025-40143

CVE-2025-40143 concerns the Linux kernel BPF verifier. Syzbot-generated input could trigger a verifier_bug() in maybe_exit_scc() when processing a state inside an SCC, under speculative execution paths. The root cause was an assumption that an existing bpf_scc_visit instance always accompanies a ...

CVE-2025-40137

CVE-2025-40137 describes a Linux kernel issue in F2FS where the error path of f2fs_truncate() did not truncate the first page in cache, leading to inode eviction logic detecting a non-zero i_data.nrpages and triggering a kernel BUG during eviction. The provided details trace the path from evict →...

CVE-2025-40133

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset and it's not always under RCU. Using skdstgetsk-dev could trigger UAF. Let's use...

kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

Linux Distros Unpatched Vulnerability : CVE-2025-40139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF...

kernel: can: j1939: j1939_send_one(): fix missing CAN header initialization

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sendone: fix missing CAN header initialization The read access to struct canxlframe::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct canframe...

kernel: padata: avoid UAF for reorder_work

In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorderwork Although the previous patch can avoid ps and ps UAF for doserial, it can not avoid potential UAF issue for reorderwork. This issue can happen just as below: cryptorequest cryptorequest cryptodela...

kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods

In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: add missing mcanclassfreedev in probe/remove methods In mcanpciremove and error handling path of mcanpciprobe, mcanclassfreedev should be called to free resource allocated by mcanclassallocatedev, otherwise there...