SUSE CVE-2023-53515

In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vmdev vmdev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vmdev struct with devres totally breaks this...

SUSE CVE-2023-53520

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hcisuspendsync crash If hciunregisterdev frees the hcidev object but hcisuspendnotifier may still be accessing it, it can cause the program to crash. Here's the call trace: 102152.653246 Call Trace: 102152.653254...

SUSE CVE-2025-39908

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

UBUNTU-CVE-2022-50431

In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbusadddev devsetname in soundbusaddone allocates memory for name, it need be freed when ofdeviceregister fails, call soundbusdevput to give up the reference that hold in...

UBUNTU-CVE-2022-50427

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...

UBUNTU-CVE-2023-53515

In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vmdev vmdev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vmdev struct with devres totally breaks this...

CVE-2023-53515

CVE-2023-53515 affects the Linux kernel virtio-mmio subsystem. The issue stems from allocating vm_dev with devres, which breaks the vm_dev lifecycle tied to a struct device; when the platform_device is removed, the memory is freed before vm_dev release, causing a use-after-free when the release c...

CVE-2023-53515 virtio-mmio: don't break lifecycle of vm_dev

In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vmdev vmdev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vmdev struct with devres totally breaks this...

CVE-2023-53454 HID: multitouch: Correct devm device reference for hidinput input_dev name

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free...

AZL-74754 CVE-2025-39911 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40evsirequestirqmsix error path If requestirq in i40evsirequestirqmsix fails in an iteration later than the first, the error path wants to free the IRQs requested so far. However, it uses the wrong devid...

CVE-2025-39908

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

UBUNTU-CVE-2025-39908

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

CVE-2025-39911

CVE-2025-39911 : Linux kernel i40e driver fix for IRQ freeing in i40e_vsi_request_irq_msix error path. If request_irq() fails after the first iteration, the error path frees IRQs with the wrong dev_id, causing IRQs to remain freed incorrectly and triggering a WARNING: “Trying to free already-free...

CVE-2025-39908 net: dev_ioctl: take ops lock in hwtstamp lower paths

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

CVE-2025-39908 net: dev_ioctl: take ops lock in hwtstamp lower paths

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

PT-2025-40082

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to hardware timestamping hwtstamp within network device operations. Specifically, the issue involves failing to properly acquire the operations...

NewStart CGSL MAIN 6.06 : blktrace Vulnerability (NS-SA-2025-0216)

The remote NewStart CGSL host, running version MAIN 6.06, has blktrace packages installed that are affected by a vulnerability: - blktrace aka Block IO Tracing 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the devmapread function in btt/devmap.c because the device and...

CVE-2025-34234

Summary: CVE-2025-34234 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413. Two hardcoded private keys are shipped inside application containers (printerlogic/pi, printerlogic/printer-admin-api, printercloud/pi) and stored in p...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-46733: btrfs: fix qgroup reserve leaks in cowfilerange bsc1230708. CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points bsc1232089...

MAL-2025-47694 Malicious code in ng-dev (npm)

--- -= Per source details. Do not edit below this line.=-...