CLSA-2026-1778828497 tar: Fix of CVE-2023-39804

CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...

mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations

...

EUVD-2025-12913

Malicious code in bioql PyPI...

CVE-2025-43212

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

CVE-2025-38387

CVE-2025-38387 affects the Linux kernel’s RDMA/mlx5 subsystem. The issue arises when an obj_event is inserted into a list before its obj_sub_list is initialized, risking a poisonous pointer if the event is loaded immediately after insertion. The referenced fix initializes obj_event->obj_sub_li...

CVE-2025-38322

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in iclupdatetopdownevent The perffuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...

CVE-2022-49869

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix possible crash in bnxthwrmsetcoal During the error recovery sequence, the rtnllock is not held for the entire duration and some datastructures may be freed during the sequence. Check for the BNXTSTATEOPEN flag instead...

CVE-2023-52940 mm: multi-gen LRU: fix crash during cgroup migration

In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lrugenmigratemm assumes lrugenaddmm runs prior to itself. This isn't true for the following scenario: CPU 1 CPU 2 clone cgroupcanfork cgroupprocswrite cgrouppostfork tasklock...

CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix devpmoppfindbw when bandwidth table not initialized If a driver calls devpmoppfindbwceil/floor the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVE-2022-49162

The CVE-2022-49162 issue affects the Linux kernel’s fbdev sm712fb driver. When the sm712fb driver writes three bytes to the framebuffer, it could crash with a page fault due to an endianness fixup path that was open-coded. The fix is to remove the open-coded endianness fixup code (kernel patching...

poppler security update

21.01.0-21 - Fix crash in broken documents when using -dests - Resolves: RHEL-44333 21.01.0-20 - Fix a crash during signing - Resolves: RHEL-31934...

CVE-2022-48982 Bluetooth: Fix crash when replugging CSR fake controllers

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...

CVE-2024-49953 net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in driver's delayed work. When xfrmstatecheckexpire is called, the state can be reset to XFRMSTATEEXPIRED, even if it is XFRMSTATEDEAD...

SUSE-SU-2024:3189-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43907: drm/amdgpu/pm: fix the null pointer dereference in applystateadjustrules bsc1229787. - CVE-2024-43905: drm/amd/pm: fix the null pointer dereferenc...

CVE-2024-40978 scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

CVE-2024-40978

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

CVE-2024-38661

In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modifybitmap A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d71bc007 R3:00000003fe5b8007...

CVE-2022-48713

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fix crash with stop filters in single-range mode Add a check for !buf-single before calling ptbufferregionsize in a place where a missing check can cause a kernel crash. Fixes a bug introduced by commit...

CVE-2021-47284 isdn: mISDN: netjet: Fix crash in nj_probe:

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in njprobe: 'njsetup' in netjet.c might fail with -EIO and in this case 'card-irq' is initialized and is bigger than zero. A subsequent call to 'njrelease' will free the irq that has not been...

CVE-2022-48652 ice: Fix crash by keep old cfg when update TCs more than queues

In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...