4594 matches found

Amazon
added 2023/06/07 12:0 a.m. · 33 views

Important: kernel

Issue Overview: There is a potential deadlock in the eBPF subsystem in the Linux kernel. The default sysctl configuration "kernel.unprivileged_bpf_disabled" on Amazon Linux does not allow unprivileged users to use eBPF. (CVE-2023-0160) A denial of service problem was found, due to a possible recursiv...

7.8 CVSS · 6.5 AI score · 0.11946 EPSS
Exploits 8
OSV
added 2023/06/06 3:9 p.m. · 10 views

SUSE-SU-2023:2416-1 Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059109 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in...

7.8 CVSS · 7.2 AI score · 0.00652 EPSS
Exploits 0 · References 13
OSV
added 2023/06/06 1:6 p.m. · 9 views

SUSE-SU-2023:2399-1 Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122150 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in...

7.8 CVSS · 7.3 AI score · 0.00387 EPSS
Exploits 0 · References 11
OSV
added 2023/06/06 6:25 a.m. · 8 views

SUSE-SU-2023:2386-1 Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197142 fixes several issues. The following security issues were fixed: - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). - CVE-2023-23454: Fixed a...

7.1 CVSS · 7.1 AI score · 0.00387 EPSS
Exploits 0 · References 7
OSV
added 2023/06/05 7:50 a.m. · 7 views

SUSE-SU-2023:2376-1 Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197114 fixes several issues. The following security issues were fixed: - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1211111). - CVE-2023-1989: Fixed a use after free in...

7.8 CVSS · 7.3 AI score · 0.00387 EPSS
Exploits 0 · References 11
OSV
added 2023/06/03 11:5 a.m. · 1 views

OESA-2023-1304 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel...

6.3 CVSS · 5 AI score · 0.00272 EPSS
Exploits 0 · References 2
OSV
added 2023/05/30 12:0 a.m. · 39 views

ALSA-2023:3349 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issues, including the impact, a CV...

7.8 CVSS · 7 AI score · 0.11946 EPSS
Exploits 7 · References 4
Cvelist
added 2023/05/25 1:22 p.m. · 25 views

CVE-2023-0459 Copy_from_user Spectre-V1 Gadget in Linux Kernel

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user. This would allow an attacker to leak information. We recommend upgrading beyond...

6.5 CVSS · 6.9 AI score · 0.00635 EPSS
Exploits 0 · References 2
AlmaLinux
added 2023/05/16 12:0 a.m. · 81 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. (BZ#2122230, BZ#2122267) Security Fixes: use-after-free caused by l2cap_reassemble_sdu in net/bluetooth/l2cap_core.c (CVE-2022-3564)...

8.8 CVSS · 8.1 AI score · 0.03763 EPSS
Exploits 17 · References 80
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem. of_parse_phandle returns a node pointer with refcount incremented, we should use of_node_put on it when not need anymore. Add missing of_node_put to avoid refcount leak. of_node_put will...

5.5 CVSS · 6.3 AI score · 0.00197 EPSS
Exploits 0 · References 5
AlmaLinux
added 2023/05/09 12:0 a.m. · 87 views

Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) cpu: AMD CPUs may transiently execu...

8.8 CVSS · 8.5 AI score · 0.03763 EPSS
Exploits 13 · References 82
Positive Technologies
added 2023/05/09 12:0 a.m. · 7 views

PT-2025-17220 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the es58x rx err msg function. This occurs when can-do set mode fails, causing the function to return witho...

8.8 CVSS · 7.4 AI score · 0.03763 EPSS
Exploits 13 · References 489
Positive Technologies
added 2023/05/09 12:0 a.m. · 6 views

PT-2025-26094

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the freeing of not-finalized bpf prog pack. The issue occurs when there are multiple subprogs and jit subprogs is called...

8.8 CVSS · 7.5 AI score · 0.03763 EPSS
Exploits 13 · References 483
OSV
added 2023/05/09 12:0 a.m. · 45 views

ALSA-2023:2458 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) cpu: AMD CPUs may transiently execu...

8.8 CVSS · 8.9 AI score · 0.03763 EPSS
Exploits 13 · References 82
Positive Technologies
added 2023/05/09 12:0 a.m. · 9 views

PT-2025-26074 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential NULL pointer dereference issue has been identified in the Linux kernel, specifically in the kernfs remove function. This issue arises when lockdep is enabled, causing lockd...

8.8 CVSS · 7.3 AI score · 0.03915 EPSS
Exploits 20 · References 688
OSV
added 2023/05/05 3:42 p.m. · 42 views

RXSA-2023:1566 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) kernel: FUSE filesystem low-privileged user...

7.8 CVSS · 8 AI score · 0.0788 EPSS
Exploits 13 · References 5
Vulnrichment
added 2023/05/04 12:0 a.m. · 9 views

CVE-2023-21492

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR...

4.4 CVSS · 4.5 AI score · 0.02554 EPSS
Exploits 0 · References 1
Veracode
added 2023/05/01 9:46 p.m. · 24 views

Use Of Uninitialized Variable

linux-gke is vulnerable to Use of Uninitialized Variable. The vulnerability allows users with the ability to execute high-privileged code to exploit the flaws within 'nft_osf_eval function' causing a lack of proper initialization of memory prior to accessing it resulting in the attacker gaining...

4.4 CVSS · 6.4 AI score · 0.0061 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/04/28 8:1 p.m. · 2 views

CLSA-2023-1682712108 kernel: Fix of 7 CVEs

mISDN: fix use-after-free bugs in l1oip timer handlers (CVE-2022-3565) - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim (CVE-2023-1118) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989) - proc: proc_skip_spaces shouldn't think it is working on C...

7.8 CVSS · 6.9 AI score · 0.00537 EPSS
Exploits 0 · References 1
OSV
added 2023/04/28 7:55 p.m. · 2 views

CLSA-2023-1682711481 kernel: Fix of 7 CVEs

mISDN: fix use-after-free bugs in l1oip timer handlers (CVE-2022-3565) - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim (CVE-2023-1118) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989) - proc: proc_skip_spaces shouldn't think it is working on C...

7.8 CVSS · 6.8 AI score · 0.00537 EPSS
Exploits 0 · References 1