SUSE CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

SUSE CVE-2025-38074

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn if...

PT-2025-27957

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the Linux kernel, where a vulnerability has been resolved related to the ublk component. This involves sanitizing arguments from userspace when adding a device and...

CVE-2022-50228 KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

CVE-2022-50215 scsi: sg: Allow waiting for commands to complete on removed device

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...

CVE-2022-49993 loop: Check for overflow while configuring loop

In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loopconfig is passed see loioctl's case on line 1550 of drivers/block/loop.c. This proceeds t...

UBUNTU-CVE-2025-38074

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn if...

CVE-2025-38074 vhost-scsi: protect vq->log_used with vq->mutex

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn if...

CVE-2025-38074

CVE-2025-38074 affects the Linux kernel vhost-scsi path used by virtio-scsi/QEMU. The root cause is a race where vq->log_base can be accessed after vq->log_used is set to false, because the completion path may evaluate log_used and then access log_base before proper synchronization. The fix...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: openvswitch: The issue of unsafe attribute parsing in outputuserspace has been fixed. This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: VLAN: Enforcing the underlying device type Currently, VLAN devices can be created on top of non-Ethernet devices. Aside from the fact that this approach doesn’t make much sense, it also causes a bug that leads to the leakage of t...

kernel: net: gso: fix ownership in __udp_gso_segment

In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in udpgsosegment In udpgsosegment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later orphaned as we can hit the...

CVE-2025-1246 Mali GPU Userspace Driver allows an Out-of-Bounds access

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operation...

ARM多款产品 缓冲区错误漏洞

ARM Bifrost GPU Userspace Driver is a userspace driver from ARM UK. A security vulnerability exists in various ARM products that stems from improperly restricted memory buffer boundaries, which could lead to out-of-bounds access. The following products and versions are affected: Arm Ltd Bifrost G...

SUSE CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

UBUNTU-CVE-2025-37998

In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in outputuserspace This patch replaces the manual Netlink attribute iteration in outputuserspace with nlaforeachnested, which ensures that only well-formed attributes are processed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from insecure parsing of attributes in outputuserspace...

USN-7524-1: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...

Ubuntu 24.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7524-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7524-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

CVE-2024-23374

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file...