95 matches found
kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for...
Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.144 fixes various security issues The following security issues were fixed: CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847. CVE-2024-53164: net: sched: fix ordering of qlen adjustment bsc1246019...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989094)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989094 advisory. In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211stopap when switch from P2PGO type If the userspace tools switch from...
AZL-68915 CVE-2025-40049 affecting package kernel for versions less than 6.6.112.1-2
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfsgetparent Syzkaller reports a "KMSAN: uninit-value in squashfsgetparent" bug. This is caused by openbyhandleat being called with a file handle containing an invalid parent inode number. In...
CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu Replace three dstdev with a lockdep enabled helper...
EUVD-2022-54804
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit. Dereferencing it cur-page in this case could load an out-of-bounds/undefined value making it...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986492)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986492 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: Revert scsi: fcoe: Fix potential deadlock on &fip-ctlrlock This reverts commit...
EUVD-2024-53269
Malicious code in bioql PyPI...
EUVD-2025-15902
Malicious code in bioql PyPI...
EUVD-2024-53388
Malicious code in bioql PyPI...
EUVD-2025-24155
Malicious code in bioql PyPI...
EUVD-2023-59729
Malicious code in bioql PyPI...
CVE-2025-38687 affecting package kernel for versions less than 6.6.104.2-1
CVE-2025-38687 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...
CLSA-2025-1758796886 kernel: Fix of 22 CVEs
drm/amd/amdgpu: introduce gcmes2.bin v2 - proc: fix a dentry lock race between releasetask and lookup - scsi: aacraid: Stop using PCIIRQAFFINITY - scsi: aacraid: Remove useless code - scsi: aacraid: Remove unused aaccheckhealth - scsi: aacraid: struct user,sgmap,64,raw: Replace 1-element arrays...
SUSE CVE-2025-39828
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol. syzbot reported the splat below. 0 When atmtcpvopen or atmtcpvclose is called via connect or close, atmtcpsendcontrol is called to send an in-kernel special message. The...
CVE-2025-38618 vsock: Do not allow binding to VMADDR_PORT_ANY
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...
CVE-2022-50233 Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev-devname,shortname Both devname and shortname are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be...
RLSA-2025:11456 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during...
CVE-2025-38476
In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpldosrhinline. Running lwtdstcacherefloop.sh in selftest with KASAN triggers the splat below 0. rpldosrhinline fetches ipv6hdrskb and accesses it after skbcowhead, which is illegal as the header could ...
RHEL 10 : kernel (RHSA-2025:10854)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10854 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: exfat: fix random stack corruption...