xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

RockyLinux 8 : kernel-rt (RLSA-2025:11299)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11299 advisory. kernel: cifs: potential buffer overflow in handling symlinks CVE-2022-49058 kernel: media: uvcvideo: Remove dangling pointers CVE-2024-58002 kernel:...

SUSE CVE-2025-38377

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...

RLSA-2025:11299 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: cifs: potential buffer overflow in handling symlinks CVE-2022-49058 kernel: media: uvcvideo: Remove dangling pointers CVE-2024-580...

SUSE CVE-2025-38457

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

UBUNTU-CVE-2025-38433

In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the runtimefixup32 function does not handle the case where val is zero correctly as might occur when patching a nommu kernel and referring to a physical address below the 4GiB...

UBUNTU-CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVE-2025-38408 genirq/irq_sim: Initialize work context pointers properly

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVE-2025-38408 genirq/irq_sim: Initialize work context pointers properly

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

CVE-2025-38408

CVE-2025-38408 resolves a Linux kernel issue in genirq/irq_sim where the simulation work context pointers were not initialized safely. The root cause is using kmalloc() to allocate the simulation work context, which could leave pointers with random content and lead to invalid dereferences. The fi...

OESA-2025-1880 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence,...

UBUNTU-CVE-2025-38377

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...

CVE-2025-38377 rose: fix dangling neighbour pointers in rose_rt_device_down()

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...

CVE-2025-38377

CVE-2025-38377 : Linux kernel vulnerability in rose_rt_device_down() can cause use-after-free by corrupting the neighbour loop (loop bound altered and index increment after removal). A reverse-iteration fix with a fixed loop bound was applied to ensure all entries are examined and removals do not...

CVE-2025-38377

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a transport assignment contention condition that could lead to the use of obsolete pointers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mishandling of neighbor pointers in rosertdevicedown could lead to reuse after release...

kernel: media: uvcvideo: Remove dangling pointers

A dangling pointer vulnerability was found in the Linux kernel. When an async control is written, a copy of a pointer is made in the file handle that started the operation. If the user closes that file descriptor, its structure will be freed and there will be one dangling pointer per pending asyn...

kernel: media: uvcvideo: Remove dangling pointers

A dangling pointer vulnerability was found in the Linux kernel. When an async control is written, a copy of a pointer is made in the file handle that started the operation. If the user closes that file descriptor, its structure will be freed and there will be one dangling pointer per pending asyn...