2504 matches found
CVE-2025-37864
In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"), DSA is written given the assumption that higher layers have...
CVE-2025-37852
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device errors in amd_powerplay_create Add error handling to propagate amdgpu_cgs_create_device failures to the caller. When amdgpu_cgs_create_device fails, release hwmgr and return -ENOMEM to prevent nul...
CVE-2025-37835
Removed by vendor...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-4207
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
CVE-2025-37802
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout will set the state of the current task to TASK_UNINTERRUPTIBLE, before doing the condition check. This means that ksmbd_durable_scavenger_alive will try...
CVE-2025-37814
In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT This requirement was overeagerly loosened in commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as it turns out, (1) the logic I...
CVE-2025-37825
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_enable_port uses NVMF_TRTYPE_MAX (255) to query the transports array, causing an out-of-bounds access: 106.0586...
CVE-2025-37823
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue too Similarly to the previous patch, we need to safe guard hfsc_dequeue too. But for this one, we don't have a reliable reproducer...
CVE-2025-37827
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in __btrfs_add_free_space_zoned that ultimately happens because a conversion from the default metadata profile...
CVE-2025-37811
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux...
CVE-2025-37830
In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate cpufreq_cpu_get_raw can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate does not check for this case, which results in a NULL pointer...
thunderbird security update
128.9.2-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file - Force use of gcc-toolset-13 due to clang dependency 128.9.2 - Add OpenELA debranding 128.9.2-1 - Update to 128.9.2...
CVE-2025-47203
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...
mod_auth_openidc:2.3 security update
cjose mod_auth_openidc 2.4.9.4-8 - Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost...
CVE-2024-4467 affecting package qemu for versions less than 8.2.0-14
CVE-2024-4467 affecting package qemu for versions less than 8.2.0-14. A patched version of the package is available...
CVE-2025-32050 affecting package libsoup for versions less than 3.0.4-5
CVE-2025-32050 affecting package libsoup for versions less than 3.0.4-5. A patched version of the package is available...
CVE-2023-39810 affecting package busybox for versions less than 1.35.0-14
CVE-2023-39810 affecting package busybox for versions less than 1.35.0-14. A patched version of the package is available...
CVE-2025-2849 vulnerabilities
Vulnerabilities for packages: upx...
CVE-2025-46569 vulnerabilities
Vulnerabilities for packages: policy-controller, conftest, trivy, kyverno, spire-server, kyverno-notation-aws, tfsec, gatekeeper, cosign, witness, kots...