Siemens SIMATIC Devices Incomplete Cleanup (CVE-2024-50148)

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister As bnepinit ignore bnepsockinit's return value, and bnepsockinit will cleanup all resource. Then when remove bnep module will call bnepsockcleanup to cleanup sock's...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Write (CVE-2024-47697)

In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Ensure index in rtl2830pidfilter does not exceed 31 to prevent out-of-bounds access. dev-filters is a 32-bit value, so setbit and clearbit functions should...

Siemens SIMATIC Devices Improper Synchronization (CVE-2024-53042)

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. Fix by using...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26993)

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

EUVD-2022-54510

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setuptxdescriptors After PF reset and ethtool -t there was call trace in dmesg sometimes leading to panic. When there was some time, around 5 seconds, between reset and test there were no errors. Problem w...

EUVD-2023-60002

In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c "arm64: csum: Fix pathological zero-length calls" added an early return for zero-length input, syzkaller has popped up with an...

CVE-2023-53703 HID: amd_sfh: Fix for shift-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... 6.120512 UBSAN: shift-out-of-bounds in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987555 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpccall struct has a timer used to...

CVE-2025-40011

CVE-2025-40011 affects the Linux kernel DRM GMA500 HDMI teardown path. The vulnerability arises from a null-dereference when the driver’s pdev->driver_data is NULLed by pci_set_drvdata and then dereferenced in oaktrail_hdmi_i2c_exit to extract the i2c_dev. The underlying issue is in the sequen...

CVE-2025-39991 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11kqmim3load If ab-fw.m3data points to data, then fw pointer remains null. Further, if m3mem is not allocated, then fw is dereferenced to be passed to ath11kerr function. Replace fw-size b...

SUSE CVE-2022-50531

In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipctopsrvkernsubscr Use a 8-byte write to initialize sub.usrhandle in tipctopsrvkernsubscr, otherwise four bytes remain uninitialized when issuing setsockopt..., SOLTIPC, .... This resulted in an...

CVE-2022-50541 dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...

CVE-2023-53654 octeontx2-af: Add validation before accessing cgx and lmac

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPMUSX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization,...

CVE-2023-53648 ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in sndac97mixer smatch error: sound/pci/ac97/ac97codec.c:2354 sndac97mixer error: we previously assumed 'rac97' could be null see line 2072 remove redundant assignment, return error if...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986643 advisory. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986622 advisory. In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rosesendframe The syzkaller reported an issue: KASAN:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986379 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kerne...

SUSE CVE-2023-53533

In the Linux kernel, the following vulnerability has been resolved: Input: raspberrypi-ts - fix refcount leak in rpitsprobe rpifirmwareget take reference, we need to release it in error paths as well. Use devmrpifirmwareget helper to handling the resources. Also remove the existing rpifirmwareput...

CVE-2023-53607 ALSA: ymfpci: Fix BUG_ON in probe function

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following: 9.625915 ------------ cut here ------------ 9.633440...

CVE-2023-53601

CVE-2023-53601 is a Linux kernel vulnerability in the bonding driver where code could assume skb_mac_header is set in ndo_start_xmit, risking invalid skb handling. The fixed description states that skb->data is sufficient and bonding must not rely on mac_header. Concrete details appear in conn...