CVE-2025-38524 rxrpc: Fix recv-recv race of completed call

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...

CVE-2025-38524

The CVE-2025-38524 issue concerns a race in Linux kernel RXRPC: when a call on a socket receives events, the call may be dequeued by two threads, potentially causing a release/decoupling that leaves a stale RXRPC_USER_CALL_ID. The fix dequeues the call and ignores it if it is already released, pr...

Linux Distros Unpatched Vulnerability : CVE-2025-37821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in...

Linux Distros Unpatched Vulnerability : CVE-2025-37823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netsched: hfsc: Fix a potential UAF in hfscdequeue too Similarly to the previous patch, we need to safe guard hfscdequeue too. But for this one, we don't have a...

Linux Distros Unpatched Vulnerability : CVE-2025-38174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonica...

Linux Distros Unpatched Vulnerability : CVE-2023-52855

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, urb-hcpriv = NULL is executed without holding the lock...

thunderbolt: Do not double dequeue a configuration request

...

kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

A flaw was found in the HFSC queueing discipline implementation in the Linux kernel. When a packet is enqueued and the child qdisc's peek function is called before properly updating the HFSC queue's length and backlog counters, a race condition can occur. In some cases, the peek operation may...

SUSE CVE-2025-38468

In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...

AZL-65910 CVE-2025-38468 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

...

Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()

...

SUSE CVE-2025-38174

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

CVE-2025-38174

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

AZL-64647 CVE-2025-38174 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

DEBIAN-CVE-2025-38174

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

UBUNTU-CVE-2025-38174

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tbcfgrequestdequeue: general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2...

CVE-2025-38174

The CVE-2025-38174 issue is in the Linux kernel Thunderbolt path: tb_cfg_request_work/tb_cfg_request_dequeue can schedule the same configuration request twice, causing a double list_del on ctl->request_queue and a potential general protection fault (non-canonical address 0xdead000000000122). T...

PT-2025-30120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the networking scheduler where certain classful qdiscs may unexpectedly empty a child qdisc, leading to a use-after-free condition. This can occur whe...

SUSE CVE-2022-50132

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'privep' assignment in cdns3gadgetepdequeue, cdns3gadgetepenable If 'ep' is NULL, result of eptocdns3epep is invalid pointer and its dereference with privep-cdns3dev may cause panic. Found by Linux...