EUVD-1999-1372

Malware in sbrugna...

EUVD-2025-18616

Malicious code in bioql PyPI...

CVE-2025-38309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xesvminit earlier In xevmcloseandput we need to be able to call xesvmfini, however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to various splats...

CVE-2025-38309

CVE-2025-38309 affects the Linux kernel’s drm/xe/vm path. The root cause is that during vm creation, the code may call xe_svm_fini() on the error path before the SVM state is initialised, causing kernel splats and a fatal NPD. A fix moves xe_svm_init() earlier in xe_svm lifecycle to ensure proper...

CVE-2025-38036

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...

CVE-2025-38036

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...

CVE-2025-38036

The CVE-2025-38036 entry describes a Linux kernel issue in drm/xe/vf where GuC communication required GT MMIO to be initialized. Root cause: gt->mmio was initialized late due to recent refactoring, causing GuC calls to xe_mmio_read|write() to crash with an NPD when attempting to access MMIO ad...

CVE-2025-38036 drm/xe/vf: Perform early GT MMIO initialization to read GMDID

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However...

CVE-2025-23131

CVE-2025-23131 affects the Linux kernel in the DLM subsystem. The issue occurs when do_uevent returns a positive value written to event_done; this value previously caused new_lockspace to consider it a success, leaving lockspace uninitialized and leading to a NULL pointer dereference in dlm_find_...

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done

In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to eventdone douevent returns the value written to eventdone. In case it is a positive value, newlockspace would undo all the work, and lockspace would not be set. dlmnewlockspace,...

CVE-2025-22093 drm/amd/display: avoid NPD when ASIC does not support DMUB

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx-dmubsrv will de NULL if the ASIC does not support DMUB, which is tested in dmdmubswinit. However, it will be dereferenced in dmubhwlockmgrcmd if shouldusedmublock...

SUSE CVE-2024-46866

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab...

CVE-2024-46866

A vulnerability in the Linux kernel's drm/xe/client driver was resolved. This issue was resolved by adding the missing buffer object BO locking in the showmeminfo function. Inspecting the BO state without this lock led to a NULL pointer dereference NPD or use-after-free UAF issues due to concurre...

CVE-2024-46866 drm/xe/client: add missing bo locking in show_meminfo()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in showmeminfo bomeminfo wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab...

CVE-2024-46866

CVE-2024-46866 is a Linux kernel DRM-XE issue: bo_meminfo() can inspect bo state (tt/ttm) without holding the bo lock, allowing state changes that may cause NPD or UAF. The fix grabs the bo lock during bo_meminfo() and adds a ref for object_idr; v2 also introduces xe_bo_assert_held(). Concrete de...

CVE-2024-43894 drm/client: fix null pointer dereference in drm_client_modeset_probe

In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drmclientmodesetprobe In drmclientmodesetprobe, the return value of drmmodeduplicate is assigned to modeset-mode, which will lead to a possible NULL pointer dereference on failure of...

CVE-2024-42091

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid future use case and will cause NPD when...

CVE-2024-42091 drm/xe: Check pat.ops before dumping PAT settings

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid future use case and will cause NPD when...

CVE-2023-52826

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference In tpg110getmodes, the return value of drmmodeduplicate is assigned to mode, which will lead to a NULL pointer dereference on failure of drmmodeduplicate. Add a...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: hamradio: improve the incomplete fix to avoid NPD The previous commit 3e0588c291d6 "hamradio: defer ax25 kfree after unregisternetdev" reorder the kfree operations and unregisternetdev operation to prevent UAF. This commit improv...