Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7874-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7874-1 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857...

Azure Application Gateway Elevation of Privilege Vulnerability

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network...

PT-2025-47652

Name of the Vulnerable Software and Affected Versions Azure Application Gateway affected versions not specified Description A stack-based buffer overflow exists in Azure Application Gateway. This allows an unauthorized attacker to elevate privileges over a network. The issue requires no...

USN-7875-1: Linux kernel (Oracle) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7875-1 linux-oracle vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7874-2: Linux kernel (FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7874-2 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7874-1: Linux kernel vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7874-1 linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

mptcp: do not queue data on closed subflows

...

SUSE-SU-2025:4132-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing...

Security update for the Linux Kernel (Live Patch 61 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.231 fixes various security issues The following security issues were fixed: CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637. CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49053: scsi...

HPE Aruba Networking 100 Series Cellular Bridge 安全漏洞

HPE Aruba Networking 100 Series Cellular Bridge is a 5G/4G mobile network wireless bridge device from HPE America. A security vulnerability exists in the HPE Aruba Networking 100 Series Cellular Bridge that stems from a denial-of-service vulnerability in the web-based management interface, which...

HPE Aruba Networking AOS-CX 安全漏洞

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from improper access control of the web-based management interface, which could lead to the disclosure of sensitive information...

HPE Aruba Networking AOS-CX 安全漏洞

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from a command injection vulnerability that could lead to remote code execution...

HPE Aruba Networking AOS-CX 安全漏洞

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from a User Authentication Service session hijacking vulnerability that could lead to unauthorized session access...

HPE Aruba Networking Management Software 安全漏洞

HPE Aruba Networking Management Software is a network management platform from HPE America. A security vulnerability exists in HPE Aruba Networking Management Software Airwave that stems from a command injection vulnerability in the command line interface that could lead to the execution of...

HPE Aruba Networking AOS-CX 安全漏洞

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from a platform-level denial-of-service vulnerability that could cause the switch to fail to boot...

HPE Aruba Networking AOS-CX 安全漏洞

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from improper access control of the SSH restricted shell interface, which could result in a read-only user gaining administrator privileges...