40407 matches found
RLSA-2025:10371 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759); kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991); kernel: vmxnet3: Fix malform...
PT-2025-40346
Vulnerabilities in automotive Memory Protection Unit MPU CVE-2023-48010 and CVE-2024-33882 2024 https://t.co/6uScL3wIzO infosec https://t.co/X5CzbiqShT...
SUSE CVE-2022-50426
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then...
SUSE CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: start_kernel: Add __no_stack_protector function attribute Back during the discussion of commit a9a3ed1eff36 ("x86: Fix early boot crash on gcc-10, third try") we discussed the need for a function attribute to control the omission of sta...
kernel: vsock: Fix transport_* TOCTOU
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unab...
CVE-2022-50452
In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails When the default qdisc is cake, if the qdisc of dev_queue fails to be inited during mqprio_init(), cake_reset() is invoked to clear resources. In this case, the tins is...
CVE-2022-50448
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in When PTE_MARKER_UFFD_WP is not configured, it's still possible to reach pte marker code and trigger a warning. Add a few CONFIG_PTE_MARKER_UFFD_WP ifdefs to make sure the code won't...
CVE-2022-50426
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then...
UBUNTU-CVE-2022-50452
In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails When the default qdisc is cake, if the qdisc of dev_queue fails to be inited during mqprio_init(), cake_reset() is invoked to clear resources. In this case, the tins is...
UBUNTU-CVE-2021-4460
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is...
UBUNTU-CVE-2023-53493
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message() Copy the bounds checking from encode_message() to decode_message(). This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we...
CVE-2023-53513 nbd: fix incomplete validation of ioctl arg
In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviour in fs/buffer.c:1709:35 signed integer...
CVE-2023-53493
The CVE-2023-53493 entry describes a Linux kernel issue in accel/qaic where bounds checking in decode_message() was tightened to mirror encode_message() bounds checks. The fix ensures there is space for at least one header (checking msg_hdr_len), validates that the next header can be read (msg_le...
CVE-2023-53481 ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed Following process will trigger an infinite loop in ubi_wl_put_peb(): ubifs_bgt ubi_bgt ubifs_leb_unmap ubi_leb_unmap ubi_eba_unmap_leb ubi_wl_put_peb wear_leveling_worker e1 =...
CVE-2023-53478 tracing/synthetic: Fix races on freeing last_cmd
In the Linux kernel, the following vulnerability has been resolved: tracing/synthetic: Fix races on freeing last_cmd Currently, the "last_cmd" variable can be accessed by multiple processes asynchronously when multiple users manipulate synthetic_events node at the same time, it could lead to...
CVE-2022-50426 remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then...
CVE-2022-50426
CVE-2022-50426 affects the Linux kernel remoteproc path for imx_dsp_rproc. The issue arises from a workqueue that may run after rproc_stop_subdevices releases resources, allowing rproc_vq_interrupt to access freed rpmsg endpoints. The fix adds mutex protection in imx_dsp_rproc_vq_work to skip rpr...
New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan RAT in late August 2025, sa...
kernel: ipv6: mcast: extend RCU protection in igmp6_send()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to lock-protect the numrdy parameter, which could lead to data contention...