CVE-2024-26954 affecting package kernel for versions less than 6.6.96.2-2

CVE-2024-26954 affecting package kernel for versions less than 6.6.96.2-2. A patched version of the package is available...

CVE-2022-50350

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsitargetskdataready callback will schedule the loginwork...

CVE-2023-53329

In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with the pwq-stats increment KCSAN has discovered a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-race i...

CVE-2022-50343

In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rioadddevice fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch 1 fixes two name leaks while rioadddevice fails. -...

GHSA-P768-C3PR-6459 vulnerabilities

Vulnerabilities for packages: temporal...

CVE-2025-39822

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: fix signedness in thislen calculation When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to signed int when committing. This can lead to unexpected behavior if the buffer...

CVE-2025-39817

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190 asanloadN+0x1c/0x28 memcmp+0x98/0xd0...

CVE-2022-50313

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root cause is that isize field is a signed type, and negative isize is also less than EROFSBLKSIZ. As a consequence, it's handled as fast...

CVE-2022-50262

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT recordsize When the NTFS BOOT recordsize field recordbits calculation through blksizebits assumes the size always 256, which could lead to NPD while mounting a malformed NTFS image. 318.675159 BUG: kernel...

CVE-2023-53221

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memleak due to fentry attach failure If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms. This meamleak can be verified by a simple...

CVE-2023-53210

In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix null-ptr-deref for r5lflushstripetoraid r5lflushstripetoraid will check if the list 'flushingios' is empty, and then submit 'flushbio', however, r5llogflushendio is clearing the list first and then clear the...

CVE-2022-50315

In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...

CVE-2022-50335

In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocated from slab, it is not fully initialized before being added...

CVE-2022-50312

In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just returning directly...

CVE-2022-50279

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Read of size 1 at addr...

CVE-2023-53180

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup Currently 'ar' reference is not added in skbcb. Though this is generally not used during transmit completion callbacks, on interface removal the remaining...

CVE-2023-53166

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix externalpowerchanged race bq25890chargerexternalpowerchanged dereferences bq-charger, which gets sets in bq25890powersupplyinit like this: bq-charger = devmpowersupplyregisterbq-dev, &bq-desc, &psycfg;...

CVE-2025-39801

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

CVE-2025-9165 vulnerabilities

Vulnerabilities for packages: tiff...

CVE-2025-8851 vulnerabilities

Vulnerabilities for packages: tiff...