DEBIAN-CVE-2025-37915

In the Linux kernel, the following vulnerability has been resolved: netsched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr,...

CVE-2025-37956 ksmbd: prevent rename with empty string

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from dalloc. This patch return the error when attempting to rename a file or directory with an empty new na...

CVE-2025-37947 ksmbd: prevent out-of-bounds stream writes by validating *pos

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating pos ksmbdvfsstreamwrite did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than or equal to vle...

kernel: exfat: fix potential deadlock on __exfat_get_dentry_set

A potential deadlock on exfatgetdentryset was found in the Linux kernel. This may lead to decreased Availability...

kernel: fscache: Fix oops due to race with cookie_lru and use_cookie

In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookielru and usecookie If a cookie expires from the LRU and the LRUDISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscacheusecookie and begin t...

kernel: userfaultfd: fix checks for huge PMDs

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmdtranshuge check", v2. The pmdtranshuge code in mfillatomic is wrong in three different ways depending on kernel version: 1. The pmdtranshuge che...

DEBIAN-CVE-2025-37815

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and storing the current...

CBL Mariner 2.0 Security Update: kernel (CVE-2025-21700)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21700 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21887)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21887 advisory. - In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovldentryupdatereval by...

CLSA-2025-1746479711 kernel-uek: Fix of 218 CVEs

sctp: sysctl: authenable: avoid using current-nsproxy - sctp: sysctl: cookiehmacalg: avoid using current-nsproxy CVE-2025-21640 - bpf: Use preemptcount directly in bpfsendsignalcommon - Revert "sctp: sysctl: cookiehmacalg: avoid using current-nsproxy" - jfs: fix slab-out-of-bounds read in eaget -...

UBUNTU-CVE-2023-53109

In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev-neededheadroom IP tunnels can apparently update dev-neededheadroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LLRESERVEDSPACE and...

CVE-2023-53107 veth: Fix use after free in XDP_REDIRECT

In the Linux kernel, the following vulnerability has been resolved: veth: Fix use after free in XDPREDIRECT Commit 718a18a0c8a6 "veth: Rework vethxdprcvskb in order to accept non-linear skb" introduced a bug where it tried to use pskbexpandhead if the headroom was less than XDPPACKETHEADROOM. Thi...

DEBIAN-CVE-2022-49776

In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at link creation. This patch avoids the current behavior which could lead to crashes in ipv6 stack if the link is brought up $ ip link add...

CVE-2022-49867 net: wwan: iosm: fix memory leak in ipc_wwan_dellink

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipcwwandellink IOSM driver registers network device without setting the needsfreenetdev flag, and does NOT call freenetdev when unregisters network device, which causes a memory leak. This patc...

CVE-2022-49853 net: macvlan: fix memory leaks of macvlan_common_newlink

In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlancommonnewlink kmemleak reports memory leaks in macvlancommonnewlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add kmemleak reports: unreferenced object...

CVE-2022-49763

Summary (CVE-2022-49763) In the Linux kernel NTFS code, the use-after-free issue in ntfs_attr_find() stems from missing bounds checks on the attrs_offset field after loading the first MFT record. The vulnerability was exposed by KASAN reports (use-after-free read) during NTFS attribute handling, ...

CVE-2025-37753

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-37775 ksmbd: fix the warning from __kernel_write_iter

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from kernelwriteiter 2110.972290 ------------ cut here ------------ 2110.972301 WARNING: CPU: 3 PID: 735 at fs/readwrite.c:599 kernelwriteiter+0x21b/0x280 This patch doesn't allow writing to directory...

Important: kernel-livepatch-6.1.128-136.201

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-6.1.128-136.201 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-5.10.234-225.910

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog CVE-2025-21703 Affected Packages: kernel-livepatch-5.10.234-225.910 Issue Correction: Please ensure you have live patching enabled. Run yum update...