Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990288)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990288 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/cpumsf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989726 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/cpumsf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/mediatek: Added error handling for the old state CRTC in atomicdisable. Introduced error handling to address a issue where, after a hotplug event, the cursor continues to update. This situation can lead to a kernel panic d...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: powerpc/eeh: Made the EEH driver’s device hotplug operations safe. Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to various kernel errors of the same general nature: A second type...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: hrtimers: Timers queued after CPUHPAPHRTIMERSDYING are forced to be migrated away from the dying CPU to any online target. This is done to avoid delaying bandwidth timer handling tasks related to CPU hotplug progress. However,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: PCI: pnvphp – Fixed issue with surprise plug detection and recovery. The existing PowerNV hotplug code did not handle surprise plug events correctly, resulting in a complete failure of the hotplug system after a device was...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: mm/ptdump: The memory hotplug lock is now handled within ptdumpwalkpgd. Memory hot removal operations involve unmapping memory and dismantling various kernel page table regions as needed. The ptdump code may race with concurre...

Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2024-57951)

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHPONLINE to halfway through a CPU hotunplug down to CPUHPHRTIMERSPREPARE, and then back to CPUHPONLINE: Since hrtimerspreparecpu...

EUVD-2022-54567

In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add addpages override for PPC With commit ffa0b64e3be5 "powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit" the kernel now validate the addr against highmemory value. This results in the below BUGON with da...

ROS-20251023-01

A vulnerability in the cifscomposemountoptions function of the fs/smb/client/cifsproto.h module of the SMB client support kernel of the Linux operating system is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a...

EUVD-2023-59996

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in niwriteinode Syzbot reports a NULL dereference in niwriteinode. When creating a new inode, if allocation fails in miinit function called in miformatnew function, mi-mrec is set to NULL. In the...

EUVD-2022-55661

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp-dbagl2size. The field can be greater than 64 and trigger the...

Linux Distros Unpatched Vulnerability : CVE-2022-50510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in armsmmupmuinit armsmmupmuinit won't remove the...

EulerOS 2.0 SP11 : cloud-init (EulerOS-SA-2025-2221)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

CVE-2025-39958

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...

SUSE CVE-2025-39958

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...

CLSA-2025-1760018787 cloud-init: Fix of CVE-2024-11584

CVE-2024-11584: fix systemd socket unit permission vulnerability to prevent unprivileged user from triggering hotplug-hook commands...

EUVD-2025-33325

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...

CVE-2025-39958

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...

UBUNTU-CVE-2025-39958

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via...