CVE-2025-38267 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARNON due to a commitoverrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...

CVE-2025-21777 ring-buffer: Validate the persistent meta data subbuf array

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...

The vulnerability of the bpf_ringbuf_reserve() function in the Linux operating system, related to writing beyond the buffer boundaries in memory, allows a attacker to execute arbitrary code in the kernel context.

The vulnerability of the bpfringbufreserve function in the Linux operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the kernel context...

Kernel: KVM: OOB memory access via mmio ring buffer

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...