Medium: glibc

Issue Overview: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-0395 Affected...

The vulnerability of the maple_tree component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the mapletree component in the Linux operating system’s kernel is related to the insufficient use of the assert function. Exploiting this vulnerability can allow attackers to cause system failures...

The vulnerability of the poll_cci function in the drivers/usb/typec/ucsi/ucsi.c file of the Linux kernel allows a hacker to induce a service failure.

The vulnerability of the pollcci function in the drivers/usb/typec/ucsi/ucsi.c file of the Linux kernel is related to the insufficient use of the assert function. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

ALSA-2025:3828 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

The vulnerability of the displaydebugnames() function in the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the displaydebugnames function in the GNU Binutils development environment is related to the insufficient use of the assert function. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the avahi_alternative_host_name() function in the Avahi service discovery system allows a attacker to cause a service failure.

The vulnerability of the avahialternativehostname function in the Avahi service discovery system in local networks is related to the lack of use of the assert function. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the PLAY command in the Live555 multimedia streaming library, which allows a hacker to cause a service failure.

The vulnerability of the PLAY command in the Live555 multimedia streaming library group is related to the insufficient use of the assert function. Exploiting this vulnerability can allow a malicious actor to cause service failures...

SUSE-SU-2025:20236-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

OESA-2025-1242 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVE-2024-58068

CVE-2024-58068 affects the Linux kernel OPP subsystem. If a bandwidth table is not created (e.g., interconnect properties missing in the OPP consumer node) and a driver calls dev_pm_opp_find_bw_ceil() or dev_pm_opp_find_bw_floor(), the kernel may NULL-dereference when reading bandwidth from _read...

CVE-2024-58068 OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized

In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVE-2024-58068 OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized

In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

SUSE-SU-2025:20135-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. Other fixes: - Fix underallocation of abortmsgs struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf bsc1233699...

SUSE CVE-2024-57998

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...

CVE-2024-57998

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...

UBUNTU-CVE-2024-57998

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...

CVE-2024-57998

The CVE-2024-57998 issue affects the Linux kernel OPP (Operating Performance Points) subsystem. The vulnerability arises from a lack of proper index validation when reading the opp->rates[] table in _read_freq(), which could lead to a buffered read overflow. The patch adds an index parameter t...

CVE-2024-57998 OPP: add index check to assert to avoid buffer overflow in _read_freq()

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...