174 matches found
CVE-2025-37778
CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...
CVE-2025-37765 drm/nouveau: prime: fix ttm_bo_delayed_delete oops
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dereferencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...
CVE-2025-37755 net: libwx: handle page_pool_dev_alloc_pages error
In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page) but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046 "net: fec:...
SUSE-SU-2025:1413-1 Security update for augeas
This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase (bsc#1239909)...
SUSE-SU-2025:1276-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005580 fixes one issue. The following security issue was fixed: - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235218)...
Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818). CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788). CVE-2022-49564: crypto: qat - add param check...
Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059170 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818). CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788). CVE-2022-49564: crypto: qat - add param check...
CVE-2025-31115
CVE-2025-31115 affects XZ Utils’ liblzma multithreaded .xz decoder (lzma_stream_decoder_mt) in versions 5.3.3alpha through 5.8.0. The issue can cause a crash with heap-use-after-free and writes to memory based on a NULL pointer plus an offset, impacting applications/libraries that invoke the ...
CVE-2025-31115
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
CVE-2025-22006
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56587)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56587 advisory. - In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-56587)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56587 advisory. - In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with...
CVE-2024-58060
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n. In particular, the report is on tcp_congestion_ops that has a "struct module...
Linux Distros Unpatched Vulnerability : CVE-2025-21697
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the...
Linux Distros Unpatched Vulnerability : CVE-2024-49904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - list_for_each_entry_safe...
Linux Distros Unpatched Vulnerability : CVE-2021-44960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the renderDocument function handled the XMLDocument object improperly, returning a null point...
Linux Distros Unpatched Vulnerability : CVE-2023-52492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register()...
Linux Distros Unpatched Vulnerability : CVE-2023-32724
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. CVE-2023-32724...
Linux Distros Unpatched Vulnerability : CVE-2024-26747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after t...
Linux Distros Unpatched Vulnerability : CVE-2022-49187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_hw_get_clk() when dev is NULL Any registered clk_core structure can have a NULL point...