CVE-2022-49159

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00asynciocbtimeout starts to run it can be preempted by the normal response path via the firmware?. qla24xxasyncgpscspdone...

CVE-2022-49076 RDMA/hfi1: Fix use-after-free bug for mm struct

In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPIAbort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1mmurbunregister then drops the last reference and the mm ...

CVE-2022-49076

CVE-2022-49076 concerns the Linux kernel RDMA/hfi1 subsystem. The issue is a use-after-free in the mm struct lifecycle: under certain conditions (e.g., MPI_Abort), hfi1_mmu_rb_unregister() may drop the last reference to a task mm, freeing it before its final use in hfi1_release_user_pages. This c...

编号撤回

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel that stems from the lpfc driver not properly handling node list releases after an ELS LOGO abort...

CLSA-2025-1740470259 Fix CVE(s): CVE-2025-0395

SECURITY UPDATE: insufficient space allocation in assert function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abortmsgs struct to store the length of the message string - CVE-2025-0395...

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.loadshedpoints.http1serverabortdispatch is configured. If activerequest is nullptr, only onMessageBeginImpl is called...

CLSA-2025-1740230107 Fix CVE(s): CVE-2025-0395

SECURITY UPDATE: insufficient space allocation in assert function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abortmsgs struct to store the length of the message string - CVE-2025-0395...

RFC7250 handshakes with unauthenticated servers don't abort as expected

...

kernel: netfilter: nf_tables: fix memleak in map from abort path

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memleak in map from abort path The Linux kernel CVE team has assigned CVE-2024-27011 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27011-2c70@gregkh/T...

SUSE CVE-2023-1428

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

Security update for glibc

This update for glibc fixes the following issue: CVE-2025-0395: Fix underallocation of abortmsgs struct bsc1236282, BZ 32582 s390x-wcsncmp patch: s390x: Fix segfault in wcsncmp bsc1228044. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL pointer dereference may cause crashes in routines such as lpfcsliflushiorings,...

CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...

CVE-2025-21675

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5lagdestroydefiners always try to destroy all lag...

CVE-2025-21675 net/mlx5: Clear port select structure when fail to create

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5lagdestroydefiners always try to destroy all lag...

CVE-2025-21675

The CVE-2025-21675 issue affects the Linux kernel code path for mlx5_lag_port_sel_create, where resource cleanup was incomplete and could lead to double-destruction of definers after a failure to create the port select structure. The resulting cleanup gap caused a NULL pointer dereference on erro...

SUSE CVE-2024-56758

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio When we call btrfsreadfolio to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping like remove it with...

CVE-2024-56758

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio When we call btrfsreadfolio to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping like remove it with...

AZL-55032 CVE-2024-56758 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio When we call btrfsreadfolio to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping like remove it with...

UBUNTU-CVE-2024-56758

In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocateonefolio When we call btrfsreadfolio to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping like remove it with...