CVE-2025-68309 PCI/AER: Fix NULL pointer access by aer_info

In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aerinfo The kzallocGFPKERNEL may return NULL, so all accesses to aerinfo-xxx will result in kernel panic. Fix it...

PT-2026-2534

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the drm/xe subsystem related to handling the num syncs parameter in the exec and vm bind ioctl calls. Without proper bounds checking, a large num...

EUVD-2022-55547

Malicious code in bioql PyPI...

EUVD-2025-25571

Malicious code in bioql PyPI...

CVE-2023-53483 ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Check for null return of devmkzalloc in fchmiscsetup devmkzalloc may fail, clkdata-name might be NULL and will cause a NULL pointer dereference later. rjw: Subject and changelog edits...

CVE-2025-39886 bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()

In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allowspinning=false path in bpftimerinit Currently, calling bpfmapkmallocnode from bpfasyncinit can cause various locking issues; see the following stack trace edited for style as one example: ... 10.011566...

DEBIAN-CVE-2023-53239

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork:...

CVE-2022-50271

CVE-2022-50271 affects the Linux kernel’s vhost/vsock code. The issue arises when copying large files over SFTP over vsock, where data sizes commonly reach 32 kB and kmalloc may allocate many 32 kB chunks, leading to a page allocation failure (example: vhost-5837). The root cause is an inefficien...

CVE-2025-38690

The CVE-2025-38690 entry applies to the Linux kernel code path drm/xe/migrate. The vulnerability concerns incorrect handling of alignment for a bounce buffer when buf+offset is not aligned to XE_CACHELINE_BYTES, which could lead to recursive retries and a stack/recursion risk. The root cause desc...

PT-2025-37981

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the communication buffer allocated by setup mm hdr was not contiguous, despite being expected to be by tee shm register kernel buf. This could le...

Linux Distros Unpatched Vulnerability : CVE-2025-38463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug 1 where...

SUSE CVE-2025-38555

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in compositedevcleanup 1. In func configfscompositebind - compositeosdescreqprepare: if kmalloc fails, the pointer cdev-osdescreq will be freed but not set to NULL. Then it will return a failure t...

CVE-2025-38555

The CVE CVE-2025-38555 is a use-after-free in Linux kernel USB gadget driver during composite_dev_cleanup, arising when configfs_composite_bind() frees cdev->os_desc_req on kmalloc failure but doesn’t NULL it, leading to a subsequent use of non-NULL pointer. The issue affects the usb gadget’s ...

Linux Distros Unpatched Vulnerability : CVE-2023-52559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommususpend The iommususpend syscore suspend callbac...

UBUNTU-CVE-2025-38381

In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50uploadowt The cs40l50uploadowt function allocates memory via kmalloc without checking for allocation failure, which could lead to a NULL pointer dereference. Return...

DEBIAN-CVE-2022-50226

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEVFWBLOBMAXSIZE, but larger than the data that PSP firmware return...

CVE-2022-50087 firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

CVE-2024-33036

Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access...

The vulnerability of the kzalloc() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the kzalloc function in the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVE-2025-22030 mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix cryptofreeacomp deadlock in zswapcpucompdead Currently, zswapcpucompdead calls cryptofreeacomp while holding the per-CPU acompctx mutex. cryptofreeacomp then holds scomplock through cryptoexitscompopsasync. On the...