Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ndiscrauseropt function failing to initialize the padding field in the nduseroptmsg structure, resulting...

CVE-2026-23353

A flaw was found in the Linux kernel's ice network driver. When a local user performs an ethtool offline loopback test, the system can experience a kernel null pointer dereference. This occurs because the libeth library for the receive ring is not properly initialized. Successful exploitation of...

CVE-2026-23329

In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libiefwlogdeinit function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: 148.576156 Oops: Oops: 0000 1 SMP...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003049)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003049 advisory. Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the...

SUSE CVE-2022-50530

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...

CVE-2023-53678 drm/i915: Fix system suspend without fbdev being initialized

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platforms without display - suspending fbdev should be skipped during system suspend, fix this up. While at...

EUVD-2025-32830

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986796 advisory. In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with...

SUSE CVE-2025-39772

In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmcunload to free the resource, but the mutexes in mode.config are not init, which will access an NULL pointer. Just change goto...

CVE-2025-39772 drm/hisilicon/hibmc: fix the hibmc loaded failed bug

In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmcunload to free the resource, but the mutexes in mode.config are not init, which will access an NULL pointer. Just change goto...

CVE-2025-39772

CVE-2025-39772 affects the Linux kernel HibMC driver for Hisilicon GPUs (drm/hisilicon/hibmc). Description: when hibmc loading fails, the driver attempted to free resources via hibmc_unload, but mode.config mutexes were uninitialized, risking a NULL-pointer dereference. The fix replaces a goto cl...

Autodesk AutoCAD DGN File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DG...

openjpeg: OpenJPEG OOB heap memory write

An out-of-bounds heap memory write OOB flaw was found in OpenJPEG. A call to opjjp2readheader may lead to an OOB heap memory write when the data stream pstream is too short and pimage is not initialized...

UBUNTU-CVE-2025-38353

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...

PT-2025-33560

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc2 Description: The Linux kernel contained a flaw in the alloc tag top users function within the lib/alloc tag component. This function attempted to acquire a semaphore lock alloc tag cttype-mod lock eve...

DEBIAN-CVE-2022-49873

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in releasereference Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper...

UBUNTU-CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from not initializing extack in ACK...

DEBIAN-CVE-2024-43874

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevsnpshutdownlocked Fix a null pointer dereference induced by DEBUGTESTDRIVERREMOVE. Return from sevsnpshutdownlocked if the pspdevice or the sevdevice structs are not initialized...

DEBIAN-CVE-2024-7540

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...