UBUNTU-CVE-2025-38613

In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpibboardinfoioctl is showing up as initialized data on the stack frame being copyied back to userspace in function...

CVE-2025-38579

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extentinfo usage KMSAN reported a use of uninitialized value in isextentmergeable and isbackmergeable via the read extent tree path. The root cause is that getreadextentinfo only initializes three...

Linux Distros Unpatched Vulnerability : CVE-2024-26791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string...

Linux Distros Unpatched Vulnerability : CVE-2025-22110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: Initialize ctx to avoid memory allocation error It is possible th...

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

...

DEBIAN-CVE-2025-38387

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

AZL-65648 CVE-2025-23266 affecting package nvidia-container-toolkit for versions less than 1.17.8-1

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering,...

usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()

...

DEBIAN-CVE-2025-38319

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable The function atomctrlinitializemcregtable and atomctrlinitializemcregtablev22 does not check the return value of smuatomgetdatatable. If...

CVE-2025-38319

CVE-2025-38319 affects the Linux kernel’s DRM/AMD/PP path. The vulnerability arises because atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() do not validate the return value of smu_atom_get_data_table(); if that call fails to obtain vram_info and returns NULL, a NULL...

UBUNTU-CVE-2025-38205

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 Why If the dummy values in populatedummydmlsurfacecfg aren't updated then they can lead to a divide by zero in downstream callers like CalculateVMAndRowBytes...

CVE-2025-6109 javahongxi whatsmars InitializrController.java initialize path traversal

A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulati...

CVE-2023-23298

The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters...

CVE-2023-23300

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...

CVE-2025-37887 pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result

In the Linux kernel, the following vulnerability has been resolved: pdscore: handle unsupported PDSCORECMDFWCONTROL result If the FW doesn't support the PDSCORECMDFWCONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink...

DEBIAN-CVE-2025-37805

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...

SUSE CVE-2022-49818

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of putdevice in mISDNregisterdevice We should not release reference by putdevice before calling deviceinitialize...

DEBIAN-CVE-2022-49928

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfsdocreatelinksd+0x40/0xd0 Read of size 8 at addr 0000000000000030 by task gssproxy/45...

DEBIAN-CVE-2022-49818

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of putdevice in mISDNregisterdevice We should not release reference by putdevice before calling deviceinitialize...

UBUNTU-CVE-2022-49818

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of putdevice in mISDNregisterdevice We should not release reference by putdevice before calling deviceinitialize...