3093 matches found
CVE-2025-21800
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWSSET32 macro for negative offset When bit offset for HWSSET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in...
UBUNTU-CVE-2025-21800
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWSSET32 macro for negative offset When bit offset for HWSSET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in...
CVE-2025-21800
CVE-2025-21800 : Linux kernel fix for net/mlx5: HWS, where definer’s HWS_SET32 macro used a negative bit offset, triggering UBSAN shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c (offset -8). This is a local issue with high impact to confidentiality/integrity/...
CVE-2025-21800
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWSSET32 macro for negative offset When bit offset for HWSSET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in...
CVE-2025-21800 net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWSSET32 macro for negative offset When bit offset for HWSSET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in...
AZL-68970 CVE-2025-21734 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not...
DEBIAN-CVE-2025-21734
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not...
UBUNTU-CVE-2025-21734
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not...
SUSE CVE-2022-49581
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in begetmoduleeeprom becmdreadporttransceiverdata assumes that it is given a buffer that is at least PAGEDATALEN long, or twice that if the module supports SFF 8472. However, this is not always the cas...
SUSE CVE-2022-49706
In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...
SUSE CVE-2022-49723
In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstateread when there is no i915gpucoredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are...
DEBIAN-CVE-2024-57953
In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594rtcsetoffset tmp = offset TICKSPERHOUR; The "tmp" variable is an s64 but "offset" is a long in the -277774-277774 range. On 32bit systems ...
UBUNTU-CVE-2025-21724
In the Linux kernel, the following vulnerability has been resolved: iommufd/iovabitmap: Fix shift-out-of-bounds in iovabitmapoffsettoindex Resolve a UBSAN shift-out-of-bounds issue in iovabitmapoffsettoindex where shifting the constant "1" of type int by bitmap-mapped.pgshift an unsigned long val...
UBUNTU-CVE-2024-58000
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent reg-wait speculations With ENTEREXTARGREG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the offset, offset ...
CVE-2025-21734
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote subsystem. There is a problem with current implementation of page size calculation which is not...
CVE-2025-21724
CVE-2025-21724: In the Linux kernel’s iommufd/iova_bitmap, UBSAN shift-out-of-bounds occurred in iova_bitmap_offset_to_index() when shifting the constant 1 by bitmap->mapped.pgshift (unsigned long). If pgshift > 31, the 32-bit int shift overflowed, causing undefined behavior. The fix promot...
CVE-2024-58000
CVE-2024-58000 affects the Linux kernel Io_uring reg-wait path. The root cause is speculative execution on a kernel array indexed by user input when using ENTER_EXT_ARG_REG, which could interpret an offset into a pre-mapped memory region as an argument. The documented fix is to prevent speculativ...
CVE-2024-58000 io_uring: prevent reg-wait speculations
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent reg-wait speculations With ENTEREXTARGREG instead of passing a user pointer with arguments for the waiting loop the user can specify an offset into a pre-mapped region of memory, in which case the offset, offset ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an integer overflow in the tps6594rtcsetoffset function...
PT-2025-8787 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the io uring component. The issue allowed for reg-wait speculations, which could be exploited by passing a user...