glibc security update

2.28-251.0.4.31 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: February-24-2026 Cupertino Miranda - 2.28-251.0.4.27 - Fixed orabug 38834066 stpcpy MTE support Reviewed-by: Jose E. Marchesi December-8-2025 Cupertino Miranda - 2.28-251.0.3.27 - Forward port of Oracle...

SUSE CVE-2025-71110

In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in deferfree before accessing freed memory When CONFIGSLUBTINY is enabled, kfreenolock calls kasanslabfree before deferfree. On ARM64 with MTE Memory Tagging Extension, kasanslabfree poisons the memory an...

Linux Distros Unpatched Vulnerability : CVE-2025-71110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in deferfree before accessing freed memory When CONFIGSLUBTINY is...

EUVD-2025-203634

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...

Linux Distros Unpatched Vulnerability : CVE-2025-40353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not...

SUSE CVE-2022-50675

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

CVE-2022-50675

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

UBUNTU-CVE-2022-50675

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

CVE-2022-50675 arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

Linux Distros Unpatched Vulnerability : CVE-2022-50675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 arm64: mte: Sync tags for pages where PTE is untagged,...

PT-2025-49706

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to Memory Tagging Extension MTE. Specifically, the issue involves incorrectly setting the PG mte tagged bit for pages that were not properly...

glibc bug fix update

2.28-251.0.3.25 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi Oracle history: June-9-2025 Cupertino Miranda - 2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by:...

glibc security update

2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string...

glibc security update

2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...

glibc security update

2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...

CVE-2024-53097

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

CVE-2024-53097

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

CVE-2024-53097 mm: krealloc: Fix MTE false alarm in __do_krealloc

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

CVE-2024-53097

CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...

AZL-53573 CVE-2024-50139 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sysregs.c:1988:14 shift exponent 33 is too large f...