AZL-68831 CVE-2025-40042 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...

AZL-68852 CVE-2025-40035 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

UBUNTU-CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

CVE-2025-40066 wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init mstalink in mt7996macstaaddlinks In order to avoid a possible NULL pointer dereference in mt7996macstainitlink routine, move the phy pointer check before running mt7996macstainitlink in...

CVE-2025-40042

This CVE (CVE-2025-40042) describes a race in Linux kernel tracing (kprobe initialization). The issue occurs between perf_kprobe_init/perf_trace_event_init assigning tp_event->perf_events and enabling kprobe TP_FLAG_PROFILE, where kprobe_dispatcher may observe call->perf_events as NULL, lea...

EUVD-2025-36486

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...

CVE-2025-40042

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...

CVE-2025-40042 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. 1135630.084782 Unable t...

EUVD-2025-36493

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a race condition during kprobe initialization that could lead to a null pointer dereference...

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the linux kernel, such that a missing check on the start field of a PRZ persistent ram zone during initialization leads to damage to the availability and integrity of the system...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-38619)

usb-storage: alauda: Check whether the media is initialized. The member uzonesize of struct alaudainfo will remain 0 if alaudainitmedia fails, potentially causing divide errors in alaudareaddata and alaudawritelba. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Initialization (CVE-2024-50015)

ext4: dax: Overflowing extents beyond inode size when partially writing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503434; scriptversion"1.3...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-50302)

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Missing Initialization of a Variable (CVE-2024-53101)

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...

Siemens SIMATIC Devices Divide By Zero (CVE-2024-27059)

In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200atacommand The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ o...

Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-46865)

In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

Siemens SIMATIC Devices Missing Initialization of a Variable (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...