EUVD-2026-25513

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configuration descriptors ar...

CVE-2022-50877 net: broadcom: bcm4908_enet: update TX stats after actual transmission

In the Linux kernel, the following vulnerability has been resolved: net: broadcom: bcm4908enet: update TX stats after actual transmission Queueing packets doesn't guarantee their transmission. Update TX stats after hardware confirms consuming submitted data. This also fixes a possible race and NU...

SUSE-SU-2025:20946-1 Security update for kernel-livepatch-MICRO-6-0_Update_3

This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment bsc1246019 - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 - CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTA...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986743)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986743 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops-destroy A KVM device cleanup happens in either of two callbacks: ...

EUVD-2024-51839

Malicious code in bioql PyPI...

EUVD-2022-55134

Malicious code in bioql PyPI...

EUVD-2024-53184

Malicious code in bioql PyPI...

EUVD-2022-54614

Malicious code in bioql PyPI...

EUVD-2024-53259

Malicious code in bioql PyPI...

CVE-2025-38231 nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwork to prevent NULL dereference In nfs4statestartnet, laundromatwork may access nfsdssc through nfs4laundromat - nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL point...

CVE-2022-50049

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcmaddpaths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...

CVE-2022-50001

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nfttproxy doesn't check this. This fixes a crash null dereference when using tproxy from e.g. output...

CVE-2022-50001

The CVE-2022-50001 issue affects the Linux kernel netfilter component nft_tproxy. The root cause was that TPROXY could be used from non-prerouting paths, leading to a null dereference crash. The fix restricts nft_tproxy to the prerouting hook, requiring a check that it runs only in prerouting. Th...

CVE-2025-37860

In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100processdesignparam Since cited commit, ef100probemain and hence also ef100checkdesignparams run before efx-netdev is created; consequently, we cannot netifsettsomaxsize or segs at this point. Mo...

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()

In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100processdesignparam Since cited commit, ef100probemain and hence also ef100checkdesignparams run before efx-netdev is created; consequently, we cannot netifsettsomaxsize or segs at this point. Mo...

CVE-2025-37860

CVE-2025-37860 : Linux kernel sfc/ef100 design-param NULL dereferences fixed by reordering initialization. The vulnerable path allowed ef100_probe_main() and ef100_check_design_params() to run before efx->net_dev was created, enabling NULL dereferences when calling netif_set_tso_max_size() or ...

CVE-2025-22007 Bluetooth: Fix error code in chan_alloc_skb_cb()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chanallocskbcb The chanallocskbcb function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference...

CVE-2025-21857 net/sched: cls_api: fix error handling causing NULL dereference

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: fix error handling causing NULL dereference tcfextsmisscookiebasealloc calls xaalloccyclic which can return 1 if the allocation succeeded after wrapping. This was treated as an error, with value 1 returned to...

CVE-2022-49733

CVE-2022-49733 affects the Linux kernel ALSA: oss subsystem (snd_pcm_oss) with a race in snd_pcm_oss_sync() triggered via SNDCTL_DSP_SYNC. The issue arises because snd_pcm_oss_make_ready() is invoked before acquiring the params_lock, creating a window where another thread can reconfigure the stre...

CVE-2025-21814

CVE-2025-21814 affects the Linux kernel PTP code: ioctl/sysfs handlers call the info->enable callback unconditionally, which can be NULL if the driver doesn’t implement it. Affected drivers include ptp_s390.c, ptp_vclock.c and ptp_mock.c. The fix replaces a missing callback with a dummy one to...