CVE-2025-1290

CVE-2025-1290 affects ChromeOS Kernel 5.4: a race condition Use-After-Free in virtio_transport_space_update during AF_VSOCK connect can lead to a dangling pointer and potential kernel code execution. Exploitation details are not provided in the documents, but Red Hat, CNVD, CNNVD and PT Security ...

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005580 fixes one issue. The following security issue was fixed: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

SUSE-SU-2025:1252-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-41090: tap: add missing verification for short frame bsc1228714. - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218...

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. CVE-2024-41090: tap: add missing verification for short frame bsc1228714. Patch Instructions: T...

Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002330 fixes one issue. The following security issue was fixed: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

A dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47633: ath5k: fix OOB in ath5keepromreadpcalinfo5111 bsc1237768. CVE-2022-49080: mm/mempolicy: fix mpolnew leak in sharedpolicyreplace bsc1238033...

AlmaLinux 9 : kernel (ALSA-2025:2627)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2627 advisory. kernel: ACPI: extlog: fix NULL pointer dereference check CVE-2023-52605 kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk-tran...

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

...

Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

...

kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

A dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ACPI: extlog: fix NULL pointer dereference check CVE-2023-52605 kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans CVE-2024-50264 kernel: HID: core:...

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

...

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

...

net: af_can: do not leave a dangling sk pointer in can_create()

...

net: inet6: do not leave a dangling sk pointer in inet6_create()

...

net: inet: do not leave a dangling sk pointer in inet_create()

...

Linux Distros Unpatched Vulnerability : CVE-2024-53103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released,...

Linux Distros Unpatched Vulnerability : CVE-2024-50264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback...