CVE-2023-53192 vxlan: Fix nexthop hash size

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix nexthop hash size The nexthop code expects a 31 bit hash, such as what is returned by fibmultipathhash and rt6multipathhash. Passing the 32 bit hash returned by skbgethash can lead to problems related to the fact that...

DEBIAN-CVE-2025-39784

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pciefailedlinkretrain fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out...

CVE-2025-39784

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pciefailedlinkretrain fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out...

CVE-2025-39784

CVE-2025-39784 is a Linux kernel PCIe issue resolved by masking non-speed bits in PCIE_LNKCTL2_TLS2SPEED() (and PCIE_LNKCAP_SLS2SPEED()) when retraining a PCIe link. The bug caused incorrect speed values to be interpreted from the Link Control 2 register, producing PCI_SPEED_UNKNOWN (0xff) and tr...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly masking non-speed bits, which could lead to an error in link speed calculation...

comedi: Make insn_rw_emulate_bits() do insn->n samples

...

AZL-66938 CVE-2025-39686 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

CVE-2025-39686

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

CVE-2025-38736

In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this mask, invalid PHY...

UBUNTU-CVE-2025-38736

In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits 0-31. Without this mask, invalid PHY...

CVE-2025-38736

Technical details about CVE-2025-38736 are not provided in the connected documents. The initial description notes a Linux kernel MDIO PHY address masking fix (mask with 0x1f) in net: usb: asix_devices to prevent OOB/invalid MDIO addresses. Connected advisories reference the CVE, but do not supply...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from the insn-n sample not being handled by the insnrwemulatebits function of the comedi module...

Linux Distros Unpatched Vulnerability : CVE-2024-34244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbuswritebits function. This issue can be triggered when the function is fed with specially crafted...

PT-2025-49070

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-syzkaller Description The Linux kernel had an uninitialized value issue within the hfs find set zero bits function, specifically related to the HFS filesystem. The issue was identified by syzbot and involv...

Linux Distros Unpatched Vulnerability : CVE-2006-4484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact...

CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 2025-03-20 - a fork of vlm asn1c. In UPER Unaligned Packed Encoding Rules, asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious inp...

Linux Distros Unpatched Vulnerability : CVE-2017-15423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512password b...

AZL-66491 CVE-2025-38556 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the s32ton function not being handled correctly when converting 0 bits, which could lead to a crash...

kernel: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

A vulnerability was found in the usbparseendpoint function in the Linux kernel's usb drivers, where improper handling of the reserved bits in an endpoint descriptor's bEndpointAddress field can lead to confusion in the endpointisduplicate routine in config.c. This will erroneously treat the same...