CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak

In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...

mtd: core: fix possible resource leak in init_mtd()

...

CVE-2025-40234

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...

CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

orangefs: Fix kmemleak in orangefs_sysfs_init()

...

CVE-2025-40263

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...

CVE-2025-40234

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...

CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

UBUNTU-CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...

CVE-2025-40235 btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots()

In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fsinfo in btrfscheckleakedroots If fsinfo-supercopy or fsinfo-superforcommit allocated failed in btrfsgettreesubvol, then no need to call btrfsfreefsinfo. Otherwise btrfscheckleakedroots...

CVE-2025-40234 platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize awcc. Add a check before dereferencing it in sleep handlers...

CVE-2025-40226

CVE-2025-40226: In the Linux kernel, the SCMI firmware debug subsystem may fail to initialize, leaving the debug root missing and the descriptor NULL. The fix adds fault handling in SCMI debug helpers that maintain metrics counters to cope with a NULL descriptor when initialization fails.

CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

EUVD-2025-201233

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unhandled debugging initialization failure that could lead to a null pointer dereference...

Fedora 43 : unbound (2025-90281e4554)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90281e4554 advisory. Update to 1.24.2 rhbz2417261 - Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/unbound-1-24-2 ---- Do not always initialize...

CLSA-2025-1764696522 libssh: Fix of 2 CVEs

CVE-2025-5372: fix inconsistent return value interpretation in sshkdf function to prevent uninitialized key buffers leading to SSH session compromise - CVE-2025-5987: fix missing error detection in ChaCha20 initialization that could leave cipher context partially uninitialized...