CVE-2025-21658

Technical details beyond the summary are not provided in the supplied documents; no affected products, versions, or fixes are enumerated here. Monitor for updates.

CVE-2024-57931

CVE-2024-57931 is a Linux kernel issue in the SELinux subsystem: when evaluating extended permissions, the patch changes behavior to ignore unknown permissions instead of triggering a BUG(), allowing future permissions to be added without breaking older kernels. The unit described in connected da...

CVE-2024-57930 tracing: Have process_string() also allow arrays

In the Linux kernel, the following vulnerability has been resolved: tracing: Have processstring also allow arrays In order to catch a common bug where a TRACEEVENT TPfastassign assigns an address of an allocated string to the ring buffer and then references it in TPprintk, which can be executed...

CVE-2024-57916

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generichandleirq with handlenestedirq...

CVE-2024-57926 drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private-alldrmprivatei-drm to NULL if mtkdrmbind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtkdrmbind, all private's drm are set as follows...

CVE-2024-57921 drm/amdgpu: Add a lock when accessing the buddy trim function

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously, the tester found a system hang / race condition issue with the multi-display configuration setting. Adding ...

UBUNTU-CVE-2025-21641

In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current-nsproxy As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVE-2025-21648

CVE-2025-21648 affects the Linux kernel netfilter conntrack code. The vulnerability arises from the hashtable resize path where the maximum size could exceed practical limits, risking a WARN_ON_ONCE in __kvmalloc_node_noprof() when __GFP_NOWARN is unset. The fix clamps the conntrack hashtable siz...

CVE-2025-21632 x86/fpu: Ensure shadow stack is active before "getting" registers

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability. An attacker exploiting the vulnerability can cause the kernel to crash...

OESA-2025-1065 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unusevma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following...

Unspecified vulnerability in Linux kernel (CNVD-2025-02111)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inaccessible ibsge list. No details of the vulnerability are provided at this time...

Unspecified vulnerability in Linux kernel (CNVD-2025-02113)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention issue when registering network hooks. No details of the vulnerability are provided at this time...

SUSE SLES15 Security Update : kernel (Live Patch 13 for SLE 15 SP5) (SUSE-SU-2025:0146-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0146-1 advisory. This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: - CVE-2024-50264:...

SUSE-SU-2025:0150-1 Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024116 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637. -...

SUSE-SU-2025:0138-1 Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637. -...

SUSE-SU-2025:0136-1 Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059144 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1232637...

CVE-2024-57891

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix invalid irq restore in scxopsbypass While adding outer irqsave/restore locking, 0e7ffff1b811 "scx: Fix raciness in scxopsbypass" forgot to convert an inner rqunlockirqrestore to rqunlock which could re-enable IRQ...

CVE-2024-54031

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsethash: unaligned atomic read on struct nftsetext Access to genmask field in struct nftsetext results in unaligned atomic read: 72.130109 Unable to handle kernel paging request at virtual address ffff0000c2bb708c...

CVE-2024-57857 RDMA/siw: Remove direct link to net_device

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to netdevice Do not manage a per device direct link to netdevice. Rely on associated ibdevices netdevice management, not doubling the effort locally. A badly managed local link to netdevice was causin...