Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ax25: rcu protect dev-ax25ptr syzbot identified a lockdep issue 1. We should remove the ax25 RTNL dependency in ax25setsockopt. This should also fix various potential UAF issues in ax25. 1 WARNING: A circular locking dependenc...

ax25: fix incorrect dev_tracker usage

...

EUVD-2025-30352

Malicious code in bioql PyPI...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem CVE-2025-38022 In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating...

SUSE CVE-2025-39848

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...

AZL-67589 CVE-2025-39848 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...

CVE-2025-39848

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...

CVE-2025-39848

CVE-2025-39848 (Linux kernel) concerns ax25_kiss_rcv() potentially queuing/mangling input skbs when the skb is shared, leading to crashes in __netif_receive_skb_core() after a per-netns packet-chain change. The root cause is a lack of proper unsharing of skbs in ax25_kiss_rcv(), with a regression...

CVE-2025-39848

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...

ax25: rcu protect dev->ax25_ptr

...

SUSE CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

AZL-62531 CVE-2025-22109 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

CVE-2025-22109

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt

...

SUSE CVE-2025-21812

In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev-ax25ptr syzbot found a lockdep issue 1. We should remove ax25 RTNL dependency in ax25setsockopt This should also fix a variety of possible UAF in ax25. 1 WARNING: possible circular locking dependency detecte...

SUSE CVE-2025-21792

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...

UBUNTU-CVE-2025-21812

In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev-ax25ptr syzbot found a lockdep issue 1. We should remove ax25 RTNL dependency in ax25setsockopt This should also fix a variety of possible UAF in ax25. 1 WARNING: possible circular locking dependency detecte...

AZL-57965 CVE-2025-21792 affecting package kernel for versions less than 6.6.79.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...

AZL-57819 CVE-2025-21792 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...

PT-2025-9003

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc3 Description A potential issue has been identified in the Linux kernel related to the ax25 protocol. The problem arises from a possible circular locking dependency detected between rtnl mutex and sk...