kernel: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

A flaw was found in the packet scheduler API in the Linux kernel. An invalid assumption about qdiscs with major handle ffff allows qdiscs, such as DRR, that maintain an active class list to cause a use-after-free with a dangling class pointer...

kernel: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

In the Linux kernel, the following vulnerability has been resolved: hvsock: Initializing vsk-trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk-trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by...

SUSE CVE-2025-37765

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

CVE-2025-37778

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

DEBIAN-CVE-2025-37778

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

UBUNTU-CVE-2025-37765

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

CVE-2025-37778 ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

CVE-2025-37778 ksmbd: Fix dangling pointer in krb_authenticate

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krbauthenticate krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user but that function may return without doing so. If that...

CVE-2025-37778

CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...

CVE-2025-37765 drm/nouveau: prime: fix ttm_bo_delayed_delete oops

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a dangling pointer issue in krbauthenticate...

ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously freed memory, which can potentially lead to remote code execution or an application crash...

PT-2025-22186

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue in the Linux kernel's ksmbd component, related to Kerberos authentication, has been identified. The problem arises when another thread operates on a session and us...

SUSE-SU-2025:20187-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2024-56600: net: inet6: Fixed dangling sk pointer in inet6create bsc1235218. - CVE-2024-57882: mptcp: Fixed TCP options overflow bsc1235916...

CVE-2025-1290

A race condition Use-After-Free vulnerability exists in the virtiotransportspaceupdate function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtiovsocksock structure during an AFVSOCK connect syscall can occur before a worker thread accesses it resulting in a...

CVE-2025-1290

CVE-2025-1290 affects ChromeOS Kernel 5.4: a race condition Use-After-Free in virtio_transport_space_update during AF_VSOCK connect can lead to a dangling pointer and potential kernel code execution. Exploitation details are not provided in the documents, but Red Hat, CNVD, CNNVD and PT Security ...

Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005580 fixes one issue. The following security issue was fixed: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

SUSE-SU-2025:1252-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-41090: tap: add missing verification for short frame bsc1228714. - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218...

Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6create bsc1235218. CVE-2024-41090: tap: add missing verification for short frame bsc1228714. Patch Instructions: T...