Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38472, CVE-2025-38527, CVE-2025-38718, CVE-2025-39682, CVE-2025-39698 Vulnerability Details CVEID:CVE-2025-38472 DESCRIPTION: In the Linux kernel, the following...

ROS-20260313-73-0040

A vulnerability in the nfconntrackfindget function of the Netfilter component of the Linux kernel is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2026-23016

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

CLSA-2025-1760546935 kernel: Fix of 43 CVEs

locking/wwmutex/test: Fix potential workqueue corruption CVE-2023-52836 - netfilter: ipset: Fix suspicious rcudereferenceprotected CVE-2024-40993 - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type CVE-2024-39503 - netfilter: ipset: Missing gc cancellations fixed...

RLSA-2025:16880 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: sctp: linearize...

AlmaLinux 10 : kernel (ALSA-2025:15005)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15005 advisory. kernel: udp: Fix memory accounting leak. CVE-2025-22058 kernel: netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 kernel: ext4: only...

EUVD-2021-24667

Malware in sbrugna...

EUVD-2007-1491

Malware in sbrugna...

EUVD-2023-59682

Malicious code in bioql PyPI...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: sctp: linearize...

CVE-2025-38472

In CVE-2025-38472, the issue is in the Linux kernel nf_conntrack path (netfilter) where a race during removal of a conntrack entry can result in a crash when unlinking from the hash bucket list. The crash is linked to a partially initialised nf_conn struct and mis-handling of the conntrack entry’...

CVE-2025-38472 netfilter: nf_conntrack: fix crash due to removal of uninitialised entry

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: exception RIP: nfctdeletefromlists+172 .. 7...

CVE-2023-52927

In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nfctfindexpectation Currently nfconntrackin calling nfctfindexpectation will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the...

CVE-2022-48974 netfilter: conntrack: fix using __this_cpu_add in preemptible

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using thiscpuadd in preemptible Currently in nfconntrackhashcheckinsert, when it fails in nfctextvalidpre/post, NFCTSTATINC will be called in the preemptible context, a call trace can be triggered: BUG:...

CVE-2021-47174

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: Add irqfpuusable check, fallback to non-AVX2 version Arturo reported this backtrace: 709732.358791 WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernelfpubeginmask+0xae/0xe0 709732.358793...

CVE-2021-47129

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...

CVE-2021-47129 netfilter: nft_ct: skip expectations for confirmed conntrack

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...

CVE-2021-47129 netfilter: nft_ct: skip expectations for confirmed conntrack

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...

Code injection

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. If a high rate of specific valid packets are processed by the routing engine RE this will le...

CVE-2024-21604 Junos OS Evolved: A high rate of specific traffic will cause a complete system outage

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. If a high rate of specific valid packets are processed by the routing engine RE this will le...