CVE-2025-22011 ARM: dts: bcm2711: Fix xHCI power-domain

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finished 70.727730...

CVE-2025-22011

CVE-2025-22011 describes a Linux kernel issue on ARM/bcm2711 in Raspberry Pi CM4 during s2idle when the xHCI power-domain resume triggers a VPU firmware crash. The root cause is the mixed usage of raspberrypi-power and bcm2835-power power domains; the fix is to avoid the VPU power-domain driver, ...

CVE-2025-22011 ARM: dts: bcm2711: Fix xHCI power-domain

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finished 70.727730...

PT-2025-15399

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mixed usage of raspberrypi-power and bcm2835-power at the same time, causing the VPU firmware to crash on xHCI power-domain resume during s2idle tests on th...

USN-7406-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; CVE-2024-26928, CVE-2024-56658,...

USN-7379-2: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

A new investigation has unearthed nearly 200 unique command-and-control C2 domains associated with a malware called Raspberry Robin. "Raspberry Robin also known as Roshtyak or Storm-0856 is a complex and evolving threat actor that provides initial access broker IAB services to numerous criminal...

Linux Distros Unpatched Vulnerability : CVE-2024-49963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffer of firmware property timeouts. The reason is...

USN-7328-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

USN-7325-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

USN-7323-1: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2024-35932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------...

Linux Distros Unpatched Vulnerability : CVE-2022-49194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed...

USN-7303-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers cor...

CVE-2024-57979

The CVE-2024-57979 entry is supported by connected documents detailing a Linux kernel use-after-free in pps during device teardown. The root cause is described as pps_device_destruct() freeing the pps_device immediately after cdev_del(), while fops from previously opened cdevs may still be callab...

CVE-2024-57979

In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sysexit from gpsd when rebooting: pps pps1: removed ------------ cut here ------------ kobject: 'null' 00000000db4bec24: is not...

CVE-2024-57979 pps: Fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sysexit from gpsd when rebooting: pps pps1: removed ------------ cut here ------------ kobject: 'null' 00000000db4bec24: is not...

CVE-2024-57979 pps: Fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sysexit from gpsd when rebooting: pps pps1: removed ------------ cut here ------------ kobject: 'null' 00000000db4bec24: is not...

USN-7305-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; -...

CVE-2022-49194

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Use stronger register read/writes to assure ordering GCC12 appears to be much smarter about its dependency tracking and is aware that the relaxed variants are just normal loads and stores and this is causing proble...