CVE-2023-53197

In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

CVE-2022-50247

CVE-2022-50247 concerns a Linux kernel USB xHCI MTK driver issue: if wakeup IRQ setup fails, the shared HCD is leaked because usb_put_hcd() may not NULL the @shared_hcd before decreasing usage. The patch (referenced in the description) fixes leakage by ensuring shared_hcd is NULLed prior to decre...

CVE-2022-50247 usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq

In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq Can not set the @sharedhcd to NULL before decrease the usage count by usbputhcd, this will cause the shared hcd not released...

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

...

USN-7737-1 linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; -...

kernel: USB: core: Fix access violation during port device removal

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disablestore: usbhubtostructhub can return NULL if the hub that the port belongs to is concurrently removed, but...

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

CVE-2025-38593

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

AlmaLinux 8 : kernel-rt (ALSA-2025:13961)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13961 advisory. kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with netem as child...

RHEL 8 : kernel-rt (RHSA-2025:13961)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13961 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

ALSA-2025:13961 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with...

Linux Distros Unpatched Vulnerability : CVE-2024-35978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hcireqsynccomplete In 'hcireqsynccomplete', always free the...

Linux Distros Unpatched Vulnerability : CVE-2024-35816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left- over IRQ on unbind Commit 5a95f1ded28691e6 firewire:...

Linux Distros Unpatched Vulnerability : CVE-2022-50186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ath11k: fix missing skb drop on htctxcompletion error On htctxcompletion error the skb is no...

Linux Distros Unpatched Vulnerability : CVE-2022-50033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use...

Linux Distros Unpatched Vulnerability : CVE-2025-37882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ H...

Linux Distros Unpatched Vulnerability : CVE-2021-47434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at 6:63 bits of the command ring control register CRCR. A...

Linux Distros Unpatched Vulnerability : CVE-2022-50166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in...

Linux Distros Unpatched Vulnerability : CVE-2023-53046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in...