SUSE CVE-2025-39695

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flush delayed SKBs while releasing RXE resources When skb packets are sent out, these skb packets still depends on the rxe resources, for example, QP, sk, when these packets are destroyed. If these rxe resources are...

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-32415 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploi...

DEBIAN-CVE-2025-39692

In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbdrdmastoplistening out of ksmbdrdmadestroy We can't call destroyworkqueuesmbdirectwq; before stopsessions! Otherwise already existing connections try to use smbdirectwq as a NULL pointer...

CVE-2025-39677

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal This issue applies for the following qdiscs: hhf, fq, fqcodel, and fqpie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...

AZL-70789 CVE-2025-39677 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal This issue applies for the following qdiscs: hhf, fq, fqcodel, and fqpie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...

DEBIAN-CVE-2025-39677

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal This issue applies for the following qdiscs: hhf, fq, fqcodel, and fqpie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...

UBUNTU-CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

CVE-2025-39682 tls: fix handling of zero-length records on the rx_list

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rxlist Each recvmsg call must process either - only contiguous DATA records any number of them - one non-DATA record If the next record has different type than what has already been...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unflashed work queue that could lead to reuse after release...

SUSE CVE-2025-38717

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...

SUSE CVE-2025-38719

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

AZL-66818 CVE-2025-38695 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...

AZL-73926 CVE-2025-38695 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...

DEBIAN-CVE-2025-38695

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...

UBUNTU-CVE-2025-38719

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

CVE-2025-38719

The CVE-2025-38719 entry concerns the Linux kernelnet hibmcge: when the network port is down, a released queue can yield ring->len = 0, triggering a division by zero in hbg_get_queue_used_num() called from debugfs. The provided patch adds a guard: if ring->len is 0, hbg_get_queue_used_num()...

CVE-2025-38719 net: hibmcge: fix the division by zero issue

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

CVE-2025-38719 net: hibmcge: fix the division by zero issue

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

CVE-2025-38695

CVE-2025-38695 affects the Linux kernel SCSI lpfc, where lpfc_sli4_vport cleanup can run before sli4_hba.hdwqs are allocated if lpfc_sli4_read_rev() fails. This may cause a NULL pointer dereference when acquiring abts_io_buf_list_lock for the first hardware queue. The fix adds a NULL pointer chec...

CVE-2025-38695 scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...