7 matches found
CVE-2025-40051
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copyfromiter and copytoiter can't be negative, check whether the copied lengths are equal...
CVE-2025-40061
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in dotask when draining When dotask exhausts its iteration budget !ret, it sets the state to TASKSTATEIDLE to reschedule, without a secondary check on the current task-state. This can overwrite the...
CVE-2025-40078
In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpfsockaddr Syzkaller found a kernel warning on the following sockaddr program: 0: r0 = 0 1: r2 = u32 r1 +60 2: exit which triggers: verifier bug: error during ctx access conversion 0 This is...
CVE-2025-40066
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init mstalink in mt7996macstaaddlinks In order to avoid a possible NULL pointer dereference in mt7996macstainitlink routine, move the phy pointer check before running mt7996macstainitlink in...
CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
CVE-2025-40072
In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return value of mntnsfromdentry before dereferencing The function dofanotifymark does not validate if mntnsfromdentry returns NULL before dereferencing mntns-userns. This causes a NULL pointer dereference i...
CVE-2023-53715
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...