CVE-2022-49789 scsi: zfcp: Fix double free of FSF request when qdio send fails

In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcpfsfreqsend' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and w...

CVE-2022-49764 bpf: Prevent bpf program recursion for raw tracepoint probes

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot 1 about warnings that were caused by bpf program attached to contentionbegin raw tracepoint triggering the same tracepoint by using...

CVE-2025-37756

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago...

CVE-2025-23149

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPMCHIPFLAGSUSPENDED after the call to tpmfindgetops can lead to a spurious tpmchipstart call: 35985.503771 i2c i2c-1: Transfer while suspended 35985.503796 WARNING: CPU: 0 PID: 74 ...

CVE-2025-23139

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-23139

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-37795

CVE-2025-37795 is rejected/not used per the CVE entry; not an active vulnerability.

CVE-2025-37793

CVE-2025-37793 affects the Linux kernel ASoC: Intel avs driver. The vulnerability arises when avs_component_probe() dereferences a NULL from devm_kasprintf() if memory allocation fails, leading to a NULL pointer dereference. A fix was implemented in the kernel to check for NULL from devm_kasprint...

CVE-2025-37790 net: mctp: Set SOCK_RCU_FREE

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup...

CVE-2025-37789 net: openvswitch: fix nested key length validation in the set() action

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

CVE-2025-37770

CVE-2025-37770 affects the Linux kernel (drm/amd/pm): if a user sets a speed value greater than UINT_MAX/8, a division by zero is possible. The issue is exploitable locally with low privileges and no user interaction required. The vulnerability was identified by the Linux Verification Center (SVA...

CVE-2025-37769 drm/amd/pm/smu11: Prevent division by zero

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE. cherry picked from...

CVE-2025-37746 perf/dwc_pcie: fix duplicate pci_dev devices

In the Linux kernel, the following vulnerability has been resolved: perf/dwcpcie: fix duplicate pcidev devices During platformdeviceregister, wrongly using struct device pcidev as platformdata caused a kmemdup copy of pcidev. Worse still, accessing the duplicated device leads to list corruption a...

CVE-2025-37743 wifi: ath12k: Avoid memory leak while enabling statistics

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid memory leak while enabling statistics Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from...

PT-2025-18569

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A security issue has been identified in the Linux kernel, specifically related to the riscv process, where the s12 array in thread struct may contain random kernel memory content. This...

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Several fixes to the Linux kernel for reported issues related to various security vulnerabilities such as denial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

CVE-2021-47671

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg: fix memory leak in error path In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb previously allocated by alloccanerrskb is no...

PT-2025-28008 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.14.0 and later Description: The issue is related to the powerpc64/ftrace component of the Linux kernel, where the register r15 is clobbered during livepatching and not restored, leading to potential kernel crashes. Thi...