26 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array. BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]. BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]. BUG: KMSAN:...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ethtool: Fixed an issue where the uninitialized number of lanes was used. It is not possible to set the number of lanes when adjusting link modes using the legacy IOCTL ethtool interface. Since the struct ethtool_link_ksettings...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989570)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989570 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-386224)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-386224 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-389728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-389728 advisory. In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987111)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987111 advisory. In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-413652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-413652 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again dh->dccph_x is the 9th byte (offset 8) in struct dccp_hdr, not in...
EUVD-2022-54926
Malicious code in bioql PyPI...
CVE-2023-53344 can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN:...
CVE-2025-38718 sctp: linearize cloned gso packets in sctp_rcv
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in frag_list with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...
DEBIAN-CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
DEBIAN-CVE-2022-49235
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current sk...
UBUNTU-CVE-2022-49235
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current sk...
CVE-2022-49374 tipc: check attribute length for bearer name
In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline] BUG: KMSAN: uninit-value in...
CVE-2022-49374 tipc: check attribute length for bearer name
In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline] BUG: KMSAN: uninit-value in...
CVE-2022-49298 staging: rtl8712: fix uninit-value in r871xu_drv_init()
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070...
CVE-2022-49235 ath9k_htc: fix uninit value bugs
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current sk...
Azure Linux 3.0 Security Update: kernel (CVE-2024-44983)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44983 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan head...
CVE-2024-56648
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case...
CVE-2024-56648 net: hsr: avoid potential out-of-bound access in fill_frame_info()
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case...