kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

JLSEC-2025-208 An issue was discovered in Arm Mbed TLS before 2.24.0

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock...

ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock

...

kernel: drm/amd/display: clear optc underflow before turn off odm clock

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock Why After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. How Clear that if have when clock o...

Siemens SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-53150)

ALSA: usb-audio: out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of- bounds reads. For...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53158)

soc: qcom: geni-se: array underflow in geniseclktblget This loop is supposed to break if the frequency returned from clkroundrate is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50181)

clk: imx: Remove CLKSETPARENTGATE for DRAM mux for i.MX7D. For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56739)

rtc: check if rtcreadtime was successful in rtctimerdowork If the rtcreadtime call fails, the struct rtctime tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtctmtoktime later, the result may be a very large value possibly KTIMEMAX. If there ar...

CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

SUSE CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

DEBIAN-CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

USN-7835-6: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-6 linux-aws-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

EUVD-2025-124956

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

UBUNTU-CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

CVE-2025-40127

CVE-2025-40127 – Linux kernel (hwrng: ks-sa-rng) Root cause: division by zero in ks_sa_rng_init caused by using clk_get_rate() on an uninitialized clk pointer. Impact: division by zero during delay value calculations within the hardware RNG initialization path. Technical detail: A clock is not pr...

CVE-2025-40127 hwrng: ks-sa - fix division by zero in ks_sa_rng_init

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

CVE-2025-40127 hwrng: ks-sa - fix division by zero in ks_sa_rng_init

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...