SUSE CVE-2025-38737

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3inittransformrq to initialise buffer to NULL before calling netfsallocfolioqbuffer as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should...

UBUNTU-CVE-2025-38737

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3inittransformrq to initialise buffer to NULL before calling netfsallocfolioqbuffer as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should...

CVE-2025-58057

CVE-2025-58057 is a Netty vulnerability where, in affected releases of netty-codec-compression (≤ 4.1.124.Final) and netty-codec (≤ 4.2.4.Final), specially crafted input can cause BrotliDecoder and related decoders to allocate a large number of reachable byte buffers, leading to denial of service...

CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

CVE-2025-58057 Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...

CVE-2025-58058

A memory leak flaw has been discovered in the golang github.com/ulikunitz/xz package. In affected versions, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the curren...

SUSE-SU-2025:02875-1 Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hidhwrawrequest bsc1247350. - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID bsc1247351. -...

PT-2025-33764

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference count leak exists in the perf/core subsystem of the Linux kernel. Specifically, when perf mmap fails to allocate a buffer, the event mapped callback of the related event is...

CVE-2025-38481

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481 comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

CVE-2025-38481

Technical details for CVE-2025-38481 are not provided in the connected documents. The initial description notes a comedi kernel fix (n_insns limit) but contains no vendor/product/version/exploit details beyond that.

PT-2025-40874

Name of the Vulnerable Software and Affected Versions Software versions prior to 8.0 Description An issue exists in the handling of MPEG-DASH manifests where an out-of-bounds NUL-byte write occurs one byte past the end of the buffer. This happens during the calculation of the content path. The...

SUSE-SU-2025:02283-1 Security update for audiofile

This update for audiofile fixes the following issues: - CVE-2019-13147: Do not allow too many channel to prevent NULL pointer dereference bsc1140031. - CVE-2022-24599: Clear buffer when allocating bsc1196487...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases / grub2 (CVE-2020-14310)

The version of CBL-Mariner Releases / grub2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-14310 advisory. - There is an issue on grub2 before version 2.06 at function readsectionasstring. It...

CVE-2025-38314

In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the resultsgsize field of the...

PT-2025-31077

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The handling of the COMEDI INSNLIST ioctl allocates a kernel buffer to hold the array of struct comedi insn, using the length from the n insns member of the struct comedi insnlist suppli...

kernel: ndisc: use RCU protection in ndisc_alloc_skb()

A vulnerability was found in the Linux kernel's IPv6 Neighbor Discovery NDISC subsystem, which manages network neighbor information. The issue arises from improper synchronization mechanisms when allocating socket buffers skbuff in the ndiscallocskb function. Specifically, the function can be...

kernel: ndisc: use RCU protection in ndisc_alloc_skb()

A vulnerability was found in the Linux kernel's IPv6 Neighbor Discovery NDISC subsystem, which manages network neighbor information. The issue arises from improper synchronization mechanisms when allocating socket buffers skbuff in the ndiscallocskb function. Specifically, the function can be...

kernel: ndisc: use RCU protection in ndisc_alloc_skb()

A vulnerability was found in the Linux kernel's IPv6 Neighbor Discovery NDISC subsystem, which manages network neighbor information. The issue arises from improper synchronization mechanisms when allocating socket buffers skbuff in the ndiscallocskb function. Specifically, the function can be...