kernel: net/sched: Always pass notifications when child class becomes empty

A use-after-free UAF vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper CBS qdisc implementation schcbs. The vulnerability occurs because the CBS qdisc's reset function qdiscresetqueue only resets its internal queue but fails to reset its...

Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005594 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF bsc1237930. CVE-2025-38001: netsched: hfsc: Address reentrant...

CLSA-2025-1757699471 kernel: Fix of 13 CVEs

mm/hugetlb: unshare page tables during VMA split, not before CVE-2025-38084 - hugetlb: unshare some PMDs when splitting VMAs CVE-2025-38084 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - tipc: Fix use-after-free in tipcconnclose. CVE-2025-38464 -...

Security update for kernel-livepatch-MICRO-6-0_Update_5

This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twi...

Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0Update6 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twi...

SUSE-SU-2025:20702-1 Security update for kernel-livepatch-MICRO-6-0_Update_8

This update for kernel-livepatch-MICRO-6-0Update8 fixes the following issues: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 - CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235 - CVE-2025-38000: schhfsc: Fix qlen...

Security update for the Linux Kernel (Live Patch 57 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059204 fixes several issues. The following security issues were fixed: CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltree twice bsc1244235. CVE-2025-38000: schhfsc:...

kernel: net/sched: Always pass notifications when child class becomes empty

A use-after-free UAF vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper CBS qdisc implementation schcbs. The vulnerability occurs because the CBS qdisc's reset function qdiscresetqueue only resets its internal queue but fails to reset its...

SUSE CVE-2025-38719

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

UBUNTU-CVE-2025-38719

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

CVE-2025-38719

The CVE-2025-38719 entry concerns the Linux kernelnet hibmcge: when the network port is down, a released queue can yield ring->len = 0, triggering a division by zero in hbg_get_queue_used_num() called from debugfs. The provided patch adds a guard: if ring->len is 0, hbg_get_queue_used_num()...

CVE-2025-38719 net: hibmcge: fix the division by zero issue

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

CVE-2025-38719 net: hibmcge: fix the division by zero issue

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hibmcge driver not handling division operations correctly when the queue length is zero, which could...

PT-2025-35992

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A division by zero issue was identified in the hibmcge network driver. This issue occurs when a network port is down, leading to the release of the queue and a zero value for ring-len...

kernel: net/sched: Always pass notifications when child class becomes empty

A use-after-free UAF vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper CBS qdisc implementation schcbs. The vulnerability occurs because the CBS qdisc's reset function qdiscresetqueue only resets its internal queue but fails to reset its...

kernel: sch_hfsc: make hfsc_qlen_notify() idempotent

In the Linux kernel, the following vulnerability has been resolved: schhfsc: make hfscqlennotify idempotent hfscqlennotify is not idempotent either and not friendly to its callers, like fqcodeldequeue. Let's make it idempotent to ease qdisctreereducebacklog callers' life: 1. updatevf decreases...

RHEL 8 : kernel (RHSA-2025:14692)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14692 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: peakusb: fix use after...

RHEL 9 : kernel (RHSA-2025:14744)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14744 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: driver: base: fix UAF when...

kernel: sch_hfsc: make hfsc_qlen_notify() idempotent

In the Linux kernel, the following vulnerability has been resolved: schhfsc: make hfscqlennotify idempotent hfscqlennotify is not idempotent either and not friendly to its callers, like fqcodeldequeue. Let's make it idempotent to ease qdisctreereducebacklog callers' life: 1. updatevf decreases...