95 matches found
CVE-2024-58020
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mtinputconfigured devmkasprintf can return a NULL pointer on failure,but this returned value in mtinputconfigured is not checked. Add NULL check in mtinputconfigured, to handle kernel NULL point...
CVE-2022-49494
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix possible null-ptr-deref in cadencenanddtprobe It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...
CVE-2022-49202
CVE-2022-49202 concerns a missing NULL check in Linux kernel Bluetooth hci_uart path (h5_enqueue), where a Syzbot general protection fault occurred in __pm_runtime_resume() due to blindly passing a possibly NULL serdev pointer (hu->serdev). The issue could lead to GPF if hu->serdev is NULL....
CVE-2022-49170
CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.17 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
CVE-2025-21671 zram: fix potential UAF of zram table
In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zrammetaalloc failed early, it frees allocated zram-table without setting it NULL. Which will potentially cause zrammetafree to access the table if user reset an failed and uninitialized...
CVE-2025-21658
Technical details beyond the summary are not provided in the supplied documents; no affected products, versions, or fixes are enumerated here. Monitor for updates.
CVE-2025-21632 x86/fpu: Ensure shadow stack is active before "getting" registers
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace...
CVE-2024-56368
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in rbmapvma An overflow occurred when performing the following calculation: nrpages = nrsubbufs + 1 subbuforder - pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as ...
UBUNTU-CVE-2024-57874
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NTARMTAGGEDADDRCTRL Currently taggedaddrctrlset doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently...
DEBIAN-CVE-2024-47794
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entryfreplace of...
CVE-2024-56786
...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48853: swiotlb: fix info leak with DMAFROMDEVICE bsc1228015. CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hcierrorreset bsc1222413...
CVE-2024-56619 nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfsfindentry Syzbot reported that when searching for records in a directory where the inode's isize is corrupted and has a large value, memory access outside the folio/page...
CVE-2024-53171
CVE-2024-53171 affects the Linux kernel ubifs authentication path. The published details describe a use-after-free in ubifs_tnc_end_commit arising when a node’s znode->parent changes due to a tree split, while the node’s znode->cparent may still point to freed memory after deletions. The is...
AZL-53766 CVE-2024-50287 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpgprecalculateline blindly rescales the buffer even when scaledwitdh is equal to zero. If this ever happens, this will cause a divisio...
DEBIAN-CVE-2024-47740
In the Linux kernel, the following vulnerability has been resolved: f2fs: Require FMODEWRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inodeownerorcapable, but this does not give LSMs like SELinux or Landlock an opportunity to deny the write acces...
Important: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
SUSE CVE-2024-46863
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...