kernel: io_uring/sqpoll: zero sqd->thread on tctx errors

No description is available for this CVE...

kernel: block, bfq: fix bfqq uaf in bfq_limit_depth()

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfqlimitdepth Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd-lock, however bfqlimitdepth is deferencing bfqq from bic without the lock, this can lead to UAF if t...

kernel: net: sched: fix ordering of qlen adjustment

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-q.qlen around qdisctreereducebacklog need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...

kernel: vsock: Fix sk_error_queue memory leak

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix skerrorqueue memory leak Kernel queues MSGZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recved. To prevent memory leaks, clean up the queue when the socket is destroyed...

kernel: md/raid10: fix null ptr dereference in raid10_size()

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10size In raid10run if raid10setqueuelimits succeed, the return value is set to zero, and if following procedures failed raid10run will return zero while mddev-private is still NULL,...

kernel: blk-mq: setup queue ->tag_set before initializing hctx

In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue -tagset before initializing hctx Commit 7b815817aa58 "blk-mq: add helper for checking if one CPU is mapped to specified hctx" needs to check queue mapping via tag set in hctx's cpuhp handler. However, q-tagset...

kernel: nvme-rdma: unquiesce admin_q before destroy it

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce adminq before destroy it Kernel will hang on destroy adminq while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" 0 ff61d23de260fb78 schedule at...

kernel: block, bfq: fix possible UAF for bfqq->bic with merge chain

A flaw was found in the Budget Fair Queueing BFQ I/O scheduler in the Linux kernel. Handling merged chains of BFQ queues can cause a use-after-free condition and result in a denial of service...

kernel: idpf: fix memory leaks and crashes while performing a soft reset

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring qvector-vport pointers after reinitializating the structures. This is due to that all queue...

kernel: idpf: fix UAFs when destroying the queues

In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes very rarely, but possible throwing WARNs from net/core/pagepool.c:pagepooldisabledirectrecycling. Turned out idpf frees interrupt vectors with...

kernel: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker

In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQMEMRECLAIM work from !WQMEMRECLAIM worker After commit 746ae46c1113 "drm/sched: Mark scheduler work queues with WQMEMRECLAIM" amdgpu started seeing the following warning: workqueue:...

PT-2025-27713

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, related to the ice driver's Tx scheduler error handling in the XDP callback. When the XDP program is loaded, it adds new Tx...

SUSE CVE-2022-49901

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blkmqinitallocatedqueue There is a kmemleak caused by modprobe nullblk.ko unreferenced object 0xffff8881acb1f000 size 1024: comm "modprobe", pid 836, jiffies 4294971190 age 27.068s hex dump first 32 bytes:...

The vulnerability of the Queue Manager, a software tool for managing containerized environments by IBM MQ Operator, allows a intruder to cause a service failure.

The vulnerability of the Queue Manager, a software tool for managing containerized environments in IBM MQ Operator, relates to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to cause service interruptions...

SUSE CVE-2025-37837

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmamfreecoherent Two WARNINGs are observed when SMMU driver rolls back upon failure: arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed...

SUSE CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

SUSE CVE-2025-37886

In the Linux kernel, the following vulnerability has been resolved: pdscore: make waitcontext part of qinfo Make the waitcontext a full part of the qinfo struct rather than a stack variable that goes away after pdscadminqpost is done so that the context is still available after the wait loop has...

DEBIAN-CVE-2025-37886

In the Linux kernel, the following vulnerability has been resolved: pdscore: make waitcontext part of qinfo Make the waitcontext a full part of the qinfo struct rather than a stack variable that goes away after pdscadminqpost is done so that the context is still available after the wait loop has...

AZL-70144 CVE-2025-37861 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

DEBIAN-CVE-2025-37861

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...