SUSE CVE-2025-21830
In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files. A corrupted filesystem (e.g. bcachefs) might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files...
CVE-2024-58078 misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors
In the Linux kernel, the following vulnerability has been resolved: misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors. misc_minor_alloc was allocating id using ida for minor only in case of MISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids using ida_free causing a mismatch a...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, which is included as part of IBM Tivoli Monitoring (ITM) portal server, have been remediated. Vulnerability Details: CVEID: CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML external...
Advisory ROSA-SA-2025-2754
Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...
Advisory ROSA-SA-2025-2735
Software: cups 2.2.6 OS: ROSA Virtualization 3.0 packageevrstring: cups-2.2.6-60.rv30 CVE-ID: CVE-2023-32360 BDU-ID: 2023-07653 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow a...
Advisory ROSA-SA-2025-2728
Software: opencryptoki 3.21.0 OS: ROSA Virtualization 3.0 packageevrstring: opencryptoki-3.21.0-10.rv30 CVE-ID: CVE-2024-0914 BDU-ID: 2024-02839 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of...
CVE-2025-21762 arp: use RCU protection in arp_xmit()
In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit(). arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF...
CVE-2025-21719 ipmr: do not call mr_mfc_uses_dev() for unres entries
In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mr_mfc_uses_dev() for unres entries. syzbot found that calling mr_mfc_uses_dev() for unres entries would crash [1], because c->mfc_un.res.minvif / c->mfc_un.res.maxvif alias to "struct sk_buff_head unresolved", which contain two...
DEBIAN-CVE-2022-49115
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix misused goto label Fix a misused goto label jump since that can result in a memory leak...
CVE-2021-47646
In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"". A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then reverted by commit...
CVE-2022-49672
CVE-2022-49672 refers to a race condition in the Linux kernel’s network/tun path: when destroying a tunNAPI object, the NAPI in the tun_file struct can be destroyed before the netdev, requiring explicit deletion of the NAPI. Syzbot observed this race as the queue was detached, enabling a potentia...
CVE-2022-49563
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a line...
CVE-2022-49542 scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg()
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg(). In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_irqsave+0x32/0x40...
CVE-2022-49508 HID: elan: Fix potential double free in elan_input_configured
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured. 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to...
CVE-2022-49489 drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
In the Linux kernel, the following vulnerability has been resolved: drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume. BUG: Unable to handle kernel paging request at virtual address 006b6b6b6b6b6be3 Call trace: dpu_vbif_init_memtypes+0x40/0xb8...
CVE-2022-49258 crypto: ccree - Fix use after free in cc_cipher_exit()
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit(). kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. But ctx_p->user.key is still used in the next line, which will lead to a use after free. We can call kfree_sensitive() after...
CVE-2022-49252 ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type. Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeof(long) is 8 compared to enum size which is 4 byt...
CVE-2022-49177
In the Linux kernel, the following vulnerability has been resolved: hwrng: cavium - fix NULL but dereferenced coccicheck error. Fix following coccicheck warning: ./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR: pdev is NULL but dereferenced...
CVE-2022-49117 mips: ralink: fix a refcount leak in ill_acc_of_setup()
In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup(). of_node_put(np) needs to be called when pdev == NULL...
CVE-2022-49104
CVE-2022-49104 affects the Linux kernel, specifically the staging/vchiq_core code path. The issue is triggered when find_service_by_handle is given an invalid handle, which can return NULL and lead to a NULL pointer dereference. The description in the provided documents confirms this root cause a...