UBUNTU-CVE-2022-50812

In the Linux kernel, the following vulnerability has been resolved: security: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang 15.0.6 A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences see the links above the check for more information. Restrict...

The vulnerability of the `core::fmt::write()` function in the arch/x86/Kconfig module of Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the core::fmt::write function in the arch/x86/Kconfig module of Linux kernels is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

Disable SysRq

SysRq enables users with physical access to access dangerous system-level commands in a computer. Therefore, it is advised to restrict the usage of the SysRq function. If SysRq is not disabled, you can use the keyboard to trigger SysRq. As a result, commands may be directly sent to the kernel,...

Configure TIME_WAIT for TCP

TIMEWAIT indicates the time for TCP to wait for connection destruction. If this parameter is set to a large value, a large number of TCP connections are not closed and DoS attacks occur. You are advised to set this parameter to a value less than or equal to 60. SPDX-FileCopyrightText: 2025...

PT-2025-20532

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the sched yield syscall may not cause scheduling in time-travel mode, potentially leading to extreme slowdown or deadlock. This is d...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The userfaultfdapi function has been fixed to return EINVAL as expected. Currently, if we request a feature that is not set in the kernel configuration, we will fail silently and return all available features. However, the manual...

SUSE CVE-2024-41027

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfdapi to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an...

Linux DRM drm_file_update_pid() Race Condition / Use-After-Free

Linux: DRM: refcount incremented too late in drmfileupdatepid I am sending this to security@ and to the drm-misc maintainers - based on https://drm.pages.freedesktop.org/maintainer-tools/committer-drm-misc.htmlmerge-criteria I think this falls into drm-misc's area of responsibility? === summary =...

CLSA-2024-1719568080 Fix CVE(s): CVE-2021-33631, CVE-2021-47545, CVE-2024-2201, CVE-2024-26642

CVE-url: https://ubuntu.com/security/CVE-2024-2201 - x86/cpufeatures: Add CPUIDLNX5 to track recently added Linux-defined word - x86/bugs: Change commas to semicolons in 'spectrev2' sysfs file - x86/bhi: Add support for clearing branch history at syscall entry - x86/bhi: Define SPECCTRLBHIDISS -...

SUSE CVE-2021-47393

In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed, 19...

CVE-2023-52855

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, "urb-hcpriv = NULL" is executed without holding the lock "hsotg-lock". In dwc2hcdurbdequeue: spinlockirqsave&hsotg-lock, flags;...

UBUNTU-CVE-2021-47430

In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n Commit 3c73b81a9164 "x86/entry, selftests: Further improve user entry sanity checks" added a warning if AC is set when in the kernel. Commit 662a0221893a3d "x86/entry: Fix AC...

CVE-2021-47209 sched/fair: Prevent dead task groups from regaining cfs_rq's

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfsrq's Kevin is reporting crashes which point to a use-after-free of a cfsrq in updateblockedaverages. Initial debugging revealed that we've live cfsrq's onlist=1 in an about t...

SUSE CVE-2023-52562

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: fix slabcaches list corruption after kmemcachedestroy After the commit in Fixes:, if a module that created a slab cache does not release all of its allocated objects before destroying the cache at rmmod time, we...

kernel: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL

A synchronization flaw was found in the Linux kernel Sleepable Read-Copy-Update SRCU implementation. The subsystem assumed that central processing unit CPU 0 was always online. On systems where CPU 0 is offline, such as crash-kernel configurations using a different boot CPU, SRCU work could be...

CVE-2023-43783

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configuration...

CVE-2023-28842

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

Design/Logic Flaw

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

GHSA-6WRF-MXFJ-PF5P Docker Swarm encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

CVE-2023-28842 moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...