CVE-2025-38007

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogicinputconfigured devmkasprintf returns NULL when memory allocation fails. Currently, uclogicinputconfigured does not check for this case, which results in a NULL pointer dereference. Add NULL...

CVE-2025-38071

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange...

CVE-2025-38060

In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy 'loopentry' field The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, .loopentry values from unrelated states would poison env-curstate. Additionally, env-stac...

CVE-2025-38058

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...

CVE-2025-38057

In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfreeskb...

CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved: serial: mctrlgpio: split disablems into sync and nosync APIs The following splat has been observed on a SAMA5D27 platform using atmelserial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 inatomic: ...

CVE-2025-38034

In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelimref arguments in btrfsprelimref btrfsprelimref calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to...

CVE-2025-38016

In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request will go through it after hidbpfdestroydevice has been called. This leads to a bug that unplugging certain types of H...

CVE-2025-38014

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxdcleanup helper The idxdcleanup helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxdcleanup helper to avoid code duplication. Note, this also...

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVE-2025-49175

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

CVE-2025-49175

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

gimp security update

2:2.99.8-4.2 - fix CVE-2025-5473 RHEL-95700 2:2.99.8-4.1 - fix CVE-2025-48797 RHEL-93521 - fix CVE-2025-48798 RHEL-93522...

libvpx security update

1.7.0-12 - Add patch for double free Resolves: RHEL-93914...

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

CVE-2025-30687 affecting package mysql for versions less than 8.0.42-1

CVE-2025-30687 affecting package mysql for versions less than 8.0.42-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-9512

Removed by vendor...

CVE-2025-0673

Removed by vendor...

[SECURITY] Fedora 42 Update: qt6-qtnetworkauth-6.9.1-1.fc42

Qt6 - NetworkAuth component...

[SECURITY] Fedora 42 Update: fcitx5-qt-5.1.9-7.fc42

Qt library and IM module for fcitx5...