10766 matches found
USN-7854-1: Linux kernel (KVM) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7854-1 linux-kvm vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7853-1: Linux kernel vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7853-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
CVE-2025-40093 usb: gadget: f_ecm: Refactor bind path to use __free()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...
PT-2025-44376
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s DRM/XE subsystem where an array of VM binds could potentially evict other buffer objects BOs within the same VM under specific conditions. This coul...
Linux Distros Unpatched Vulnerability : CVE-2025-40069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VMBIND error path If we fail a handle-lookup part way thru, we need...
Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
...
SUSE CVE-2025-40062
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm-debug.qmdiffregs When the initialization of qm-debug.accdiffreg fails, the probe process does not exit. However, after qm-debug.qmdiffregs is freed, it is not set to NULL. This can lead to a...
SUSE CVE-2025-40063
In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the cryptoacompstreams struct was made to rely on having the allocctx and...
SUSE CVE-2025-40070
In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in ppsregistercdev when register device fail Similar to previous commit 2a934fdb01db "media: v4l2-dev: fix error handling in videoregisterdevice", the release hook should be set before deviceregister. Otherwise,...
Siemens SIMATIC Devices Out-of-bounds Read (CVE-2023-39194)
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of- bounds read, potentially...
CVE-2025-40073
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...
CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
AZL-68852 CVE-2025-40035 affecting package kernel for versions less than 6.6.112.1-2
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
UBUNTU-CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
UBUNTU-CVE-2025-40031
In the Linux kernel, the following vulnerability has been resolved: tee: fix registershmhelper In registershmhelper, fix incorrect error handling for a call to ioviterextractpages. A case is missing for when ioviterextractpages only got some pages and return a number larger than 0, but not the...
CVE-2025-40063 crypto: comp - Use same definition of context alloc and free ops
In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 "crypto: acomp - Move scomp stream allocation code into acomp", the cryptoacompstreams struct was made to rely on having the allocctx and...
CVE-2025-40045 ASoC: codecs: wcd937x: set the comp soundwire port correctly
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHLCOMP and HPHRCOMP as zero, this can potentially result in a memory corruption due to accessing and setting ...
PT-2025-44101
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the remoteproc subsystem, specifically within the pru rproc set ctable function. This function could potentially dereference a NULL pointer because it...