Linux Distros Unpatched Vulnerability : CVE-2025-39823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks...

SUSE CVE-2023-53181

In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc failure Currently dmaresvgetfences will leak the previously allocated array if the fence iteration got restarted and the kreallocarray fails. Free the old array by hand, and make sure we...

SUSE CVE-2023-53195

In the Linux kernel, the following vulnerability has been resolved: mlxsw: minimal: fix potential memory leak in mlxswmlinecardsinit The line cards array is not freed in the error path of mlxswmlinecardsinit, which can lead to a memory leak. Fix by freeing the array in the error path, thereby...

SUSE CVE-2025-39818

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer &dev-i2csubipregs caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in...

GHSA-3WFH-36RX-9537 Timing Attack Vulnerability in SCRAM Authentication

Impact A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how...

CVE-2023-53313

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix wrong setting of maxcorrreaderrors There is no input check when echo md/maxreaderrors and overflow might occur. Add check of input number...

AZL-74718 CVE-2025-39823 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

AZL-67419 CVE-2025-39823 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

UBUNTU-CVE-2025-39823

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

CVE-2025-39823

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

DEBIAN-CVE-2025-39823

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

CVE-2025-39818

In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer &dev-i2csubipregs caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in...

CVE-2025-39823

CVE-2025-39823 is a Linux kernel KVM/CPU virtualization vulnerability affecting x86 where indices from the guest (min, dest_id) were used with array_index_nospec after bounds checks. The issue enables speculative execution side-channel leakage affecting confidentiality, integrity, and availabilit...

CVE-2025-39823 KVM: x86: use array_index_nospec with indices that come from guest

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

CVE-2025-39823 KVM: x86: use array_index_nospec with indices that come from guest

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are guest-controlled indices. Using arrayindexnospec after the bounds checks clamps these values to mitigate speculative execution side-channels...

DEBIAN-CVE-2023-53273

In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When th...

Linux Distros Unpatched Vulnerability : CVE-2022-50315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not using arrayindexnospec for indexes from clients, which could lead to a speculative execution side-channel...

SUSE CVE-2023-53238

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...

CVE-2023-53238

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is INNOPHYPORTNUM. In the for loop, 'i' is used as the index for array 'priv-ports' with a check i INNOPHYPORTNUM which indicates that...