406 matches found

CVE
added 2025/12/06 9:51 p.m., 11 views

CVE-2025-40278

CVE-2025-40278 affects the Linux kernel net: sched: act_ife code path. The issue stems from a partially initialized tc_ife structure in tcf_ife_dump(), where a designated initializer left padding uninitialized and nla_put() copies the whole struct to userspace, exposing kernel memory. The advisor...

AI score: 6 | EPSS: 0.00145
Exploits: 0 | References: 9
OSV
added 2025/12/06 9:51 p.m., 1 views

CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak

In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak. Fix a KMSAN kernel-infoleak detected by the syzbot. net? KMSAN: kernel-infoleak in __skb_datagram_iter. In tcf_ife_dump, the variable 'opt' was partially...

AI score: 6.3 | EPSS: 0.00145
Exploits: 0 | References: 11
Tenable Nessus
added 2025/11/12 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990815 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod. The @ftrace_mod is allocated by kzalloc, so...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0005
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989250)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989250 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: initialize registers in nft_do_chain. Initialize registers to avoid stack leak...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00008
Exploits: 0 | References: 4
NVD
added 2025/10/28 12:15 p.m., 3 views

CVE-2025-40049

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfs_get_parent. Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug. This is caused by open_by_handle_at being called with a file handle containing an invalid parent inode number. In...

EPSS: 0.00063
Exploits: 0 | References: 8
Cvelist
added 2025/10/28 11:48 a.m., 3 views

CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak. Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satis...

EPSS: 0.00063
Exploits: 0 | References: 8
Debian CVE
added 2025/10/28 11:48 a.m., 2 views

CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak. Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole after struct ff_replay to satis...

AI score: 5.1 | EPSS: 0.00063
Exploits: 0
CVE
added 2025/10/28 11:48 a.m., 11 views

CVE-2025-40035

CVE-2025-40035 (Linux kernel) affects the input subsystem (uinput). The vulnerability arises from how struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, creating a padding hole after ff_replay. If the structure is not cleared before copy_to_user, stack data may be leaked to...

AI score: 6.1 | EPSS: 0.00063
Exploits: 0 | References: 8
OSV
added 2025/10/15 4:17 p.m., 2 views

SUSE-SU-2025:20851-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabl...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00224
Exploits: 4 | References: 745
SUSE Linux
added 2025/10/15 4:17 p.m., 2 views

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00224
Exploits: 4 | References: 1488
Microsoft CVE
added 2025/10/11 1:1 a.m., 1 views

nvmet: always initialize cqe.result

...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00013
Exploits: 0
OSV
added 2025/10/09 12:13 p.m., 1 views

CVE-2025-39960 gpiolib: acpi: initialize acpi_gpio_info struct

In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct. Since commit 7c010d463372 "gpiolib: acpi: Make sure we fill struct acpi_gpio_info", uninitialized acpi_gpio_info struct are passed to acpi_find_gpio and later in the call stack info->quirks ...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00021
Exploits: 0 | References: 5
Microsoft CVE
added 2025/10/08 1:1 a.m., 2 views

net/smc: initialize close_work early to avoid warning

...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00009
Exploits: 0
Positive Technologies
added 2025/10/07 12:0 a.m., 1 views

PT-2025-41036

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An information leak was identified in the Linux kernel related to the tipc_topsrv_kern_subscr function. Specifically, an 8-byte write was not used to initialize the sub.usr_handle...

AI score: 6.2 | EPSS: 0.00011
Exploits: 0 | References: 8
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987028 advisory. In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add. Kernel fault injection test reports...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00012
Exploits: 0 | References: 4
Tenable Nessus
added 2025/10/07 12:0 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-404228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-404228 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one. syzbot reported kernel-infoleak in...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00021
Exploits: 0 | References: 3
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986508 advisory. In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fix memory leak among suspend/resume procedure. The vblk->vqs should be freed before we...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00007
Exploits: 0 | References: 3
Tenable Nessus
added 2025/10/07 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986652)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986652 advisory. In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix NULL deref in qeth_clear_working_pool_list. When qeth_set_online calls...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00015
Exploits: 0 | References: 4
CVE
added 2025/10/04 7:31 a.m., 7 views

CVE-2025-39937

CVE-2025-39937 affects the Linux kernel, specifically the rfkill GPIO code. A potential crash could occur on x86 when rfkill-gpio binds to BCM4752/LNV4752 ACPI devices because rfkill_find_type() used an uninitialized local pointer (type_name) if device_property_read_string() failed. The fix initi...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0003
Exploits: 0 | References: 8 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-22593

Malicious code in bioql PyPI...

AI score: 6.3 | EPSS: 0.00099
Exploits: 0 | References: 3