23 matches found
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47633: ath5k: fix OOB in ath5keepromreadpcalinfo5111 bsc1237768. CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream bsc1238729...
MiracleLinux 7 : kernel-3.10.0-1160.139.1.0.1.el7.AXS7 (AXSA:2025-11327:91)
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11327:91 advisory. ext4: fix possible UAF when remounting r/o a mmp-protected file system CVE-2021-47342 ext4: fix memory leak in ext4fillsuper net: defer final...
EUVD-2025-26748
Malicious code in bioql PyPI...
kernel: tipc: Fix use-after-free in tipc_conn_close()
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...
kernel: tipc: Fix use-after-free in tipc_conn_close()
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...
kernel: tipc: Fix use-after-free in tipc_conn_close()
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...
DEBIAN-CVE-2025-38721
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlinkdumptable: if res ctgeneral; // HERE cb-args1 = unsigned longct; ... While its very unlikely, its possible that ct == last. If this...
CVE-2025-38464
CVE-2025-38464 affects the Linux kernel Tipc subsystem. The issue is a use-after-free in tipc_conn_close() that can occur when tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn after releasing the IDR lock. If tipc_conn_recv_work() is...
CVE-2025-38464 tipc: Fix use-after-free in tipc_conn_close().
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...
CVE-2025-38464
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipcconnclose. syzbot reported a null-ptr-deref in tipcconnclose during netns dismantle. 0 tipctopsrvstop iterates tipcnetnet-topsrv-connidr and calls tipcconnclose for each tipcconn. The problem is th...
CLSA-2025-1747688581 kernel: Fix of 15 CVEs
media: uvcvideo: Fix double free in error path CVE-2024-57980 - vrf: use RCU protection in l3mdevl3out CVE-2025-21791 - geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 - ibmvnic: Don't reference skb after sending to VIOS CVE-2025-21855 - pfifotailenqueue: Drop new packet when...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47633: ath5k: fix OOB in ath5keepromreadpcalinfo5111 bsc1237768. CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream bsc1238729...
Important: kernel
Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify...
CVE-2025-21677
In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...
CVE-2024-56658
In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dstdestroy 1 Issue is in xfrm6netinit and xfrm4netinit : They copy xfrm46dstopstemplate into net-xfrm.xfrm46dstops. But net structure...
AZL-54798 CVE-2024-56658 affecting package kernel for versions less than 5.15.182.1-1
In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dstdestroy 1 Issue is in xfrm6netinit and xfrm4netinit : They copy xfrm46dstopstemplate into net-xfrm.xfrm46dstops. But net structure...
UBUNTU-CVE-2024-56635
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in defaultoperstate syzbot reported an UAF in defaultoperstate 1 Issue is a race between device and netns dismantles. After calling rtnlunlock from netdevruntodo, we can not assume the netns of each devic...
CVE-2024-56658 net: defer final 'struct net' free in netns dismantle
In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dstdestroy 1 Issue is in xfrm6netinit and xfrm4netinit : They copy xfrm46dstopstemplate into net-xfrm.xfrm46dstops. But net structure...
CVE-2024-56635
CVE-2024-56635 (Linux kernel) : A race between device and NETNS dismantles could cause a use‑after‑free in __dev_get_by_index accessed via default_operstate(), as syzbot observed a KASAN UAF. The root cause is a race after __rtnl_unlock() when netns/device lifetimes may not be alive; mitigation d...
CVE-2024-50036
CVE-2024-50036 is a Linux kernel vulnerability where dst_entries_add() uses per-CPU data that can be freed during netns dismantle, making dst_entries_destroy() race with dst_release() and potentially causing a use-after-free. The issue arises because the count of dsts must be decremented earlier,...