DEBIAN-CVE-2025-38425

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes...

AZL-73007 CVE-2025-38391 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pinassignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DPPINASSIGNF. In...

CVE-2025-38366 LoongArch: KVM: Check validity of "num_cpu" from user space

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "numcpu" from user space The maximum supported cpu number is EIOINTCROUTEMAXVCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...

jq: jq has signed integer overflow in jv.c:jvp_array_write

A flaw was found in jq, a command line JSON processor. An integer overflow can occur when attempting to assign a value using an array index of 2147483647 or when creating an array with 2147483647 elements, the maximum value for a 32-bit signed integer. This issue causes out-of-bounds memory acces...

SUSE CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3processxdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 that is, packet sizes between 128 - 3k bytes. We noticed MTU-related connectivity issues with Cilium's...

CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

DEBIAN-CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

DEBIAN-CVE-2025-38179

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix maxsge overflow in smbextractfolioqtordma This fixes the following problem: 749.901015 T8673 run fstests cifs/001 at 2025-06-17 09:40:30 750.346409 T9870...

UBUNTU-CVE-2025-38201

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

CVE-2025-38201

CVE-2025-38201 affects the Linux kernel netfilter nft_set_pipapo. The issue arises when resizing hashtables in netfilter, where WARN_ON_ONCE can trigger if GFP flags allow high bucket counts; the fix clamps the maximum map bucket size to INT_MAX. The vulnerability is described as local-attack-vec...

PT-2025-30813 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the virtio-net xsk receive rx path related to frame length checking. The buf to xdp function incorrectly calculates the maximum frame length for the first buffer,...

PT-2025-37214

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw related to file descriptor table allocations. When sysctl nr open is set to a very high value, processes attempting to use file descriptors near the...

Security update for gimp

This update for gimp fixes the following issues: CVE-2025-5473: Fix exceed the maximum allowed size bsc1244058. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...

Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)

Overview Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security that contains a fix for a link following local privilege escalation vulnerability CVE-2025-49384, CVE-2025-49385. Trend Micro Incorporated reported this vulnerability...

CVE-2025-49763

A flaw was found in trafficserver. The Edge Side Includes ESI plugin lacks a limit on maximum inclusion depth, allowing a remote attacker to trigger excessive memory consumption by inserting malicious instructions. This condition occurs due to the plugin's inability to restrict the nesting of ESI...

CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

CVE-2025-49763 Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

SUSE CVE-2022-50084

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raidstatus There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsiraid...