Ubuntu: Security Advisory (USN-7494-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7491-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - USB Type-C Connector System Software Interface driver; - Timer subsystem; CVE-2025-21902, CVE-2025-21813...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57911)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57911 advisory. - In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix...

Azure Linux 3.0 Security Update: kernel (CVE-2024-57951)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57951 advisory. - In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on...

CVE-2024-58098

The CVE-2024-58098 issue affects the Linux kernel BPF verifier, specifically the logic tracking changes_pkt_data for global sub-programs. When verifiers process calls to helpers, pointers may be invalidated inconsistently between callers and global sub-programs, making certain programs unsafe (e....

SUSE-SU-2025:1463-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize bsc1233294. - CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtgcheck bsc1235431...

RHEL 9 : kernel (RHSA-2025:4469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4469 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme-tcp: fix potential memory corrupti...

CVE-2023-53080

In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdpumemreg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem-npgs...

CVE-2023-53055

In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after securitysbdelete fscryptdestroykeyring must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landloc...

CVE-2023-53071

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: do not run mt76unregisterdevice on unregistered hw Trying to probe a mt7921e pci card without firmware results in a successful probe where ieee80211registerhw hasn't been called. When removing the driver,...

CVE-2023-53058

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code...

CVE-2022-49932

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...

CVE-2023-53135 riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode

In the Linux kernel, the following vulnerability has been resolved: riscv: Use READONCENOCHECK in imprecise unwinding stack mode When CONFIGFRAMEPOINTER is unset, the stack unwinding function walkstackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following...

CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

CVE-2023-53109

In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev-neededheadroom IP tunnels can apparently update dev-neededheadroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LLRESERVEDSPACE and...

CVE-2023-53107

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDPREDIRECT Commit 718a18a0c8a6 "veth: Rework vethxdprcvskb in order to accept non-linear skb" introduced a bug where it tried to use pskbexpandhead if the headroom was less than XDPPACKETHEADROOM. Thi...

CVE-2023-53081 ocfs2: fix data corruption after failed write

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2writeendnolock just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page...

CVE-2023-53068 net: usb: lan78xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...

CVE-2023-53067 LoongArch: Only call get_timer_irq() once in constant_clockevent_init()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call gettimerirq once in constantclockeventinit Under CONFIGDEBUGATOMICSLEEP=y and CONFIGDEBUGPREEMPT=y, we can see the following messages on LoongArch, this is because using mightsleep in preemption disable...

CVE-2023-53066 qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info

In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center linuxtesting.org with the SVACE static analysis...