Linux Distros Unpatched Vulnerability : CVE-2023-54114

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: nsh: Use correct macoffset to unwind gso skb in nshgsosegment As the call trace shows, skbpanic was caused by wrong skb-macheader in nshgsosegment: invali...

PT-2025-53191

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-next-20230505 1 Description The issue lies within the network stack, specifically in the handling of Network Namespace Segmentation NSH with Generic Segmentation Offload GSO. A flaw in the nsh gso segment...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

UBUNTU-CVE-2025-68240

In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sctimer before freeing sci Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...

CVE-2025-68291

The CVE-2025-68291 issue affects the Linux kernel MPTCP path: in mptcp_do_fastclose(), rcv_mss was not initialised before triggering tcp_send_active_reset(), leading to a divide-by-zero in __tcp_select_window() for MPTCP sockets. The fix mirrors a prior bare-TCP patch by initialising rcv_mss (to ...

CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().

In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcvmss before calling tcpsendactivereset in mptcpdofastclose. syzbot reported divide-by-zero in tcpselectwindow by MPTCP socket. 0 We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 "tcp:...

CVE-2025-68240

The CVE-2025-68240 entry concerns the Linux kernel nilfs2 subsystem. The described vulnerability arose because a sc_timer could remain active when freeing sci, caused by kthread_stop not reliably stopping sc_task (returning -EINTR), leaving the timer improperly closed. The remediation uses timer_...

CVE-2025-68240 nilfs2: avoid having an active sc_timer before freeing sci

In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sctimer before freeing sci Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...

CVE-2023-53839

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the socket. Same thing in dodccpgetsockopt. Add READONCE/WRITEONCE annotations, and change dccpsendmsg to check again dccpsmsscache aft...

CVE-2023-53839

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the socket. Same thing in dodccpgetsockopt. Add READONCE/WRITEONCE annotations, and change dccpsendmsg to check again dccpsmsscache aft...

PT-2025-49424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to io uring, specifically a truncation issue within the io estimate bvec size function. This truncation can lead to corruption issues. The probl...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

[SECURITY] Fedora 43 Update: persepolis-5.1.1-6.fc43

Persepolis is a Download Manager written in Python. - Multi segment downloading - Scheduling downloads - Download queuing - Finding and downloading video from Youtube, Vimeo, DailyMotion,...

Oracle Linux 10 : ELSA-2025-20095-0: / kernel (ELSA-2025-200950)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-200950 advisory. - selftests: tls: add tests for zero-length records CKI Backport Bot RHEL-114328 CVE-2025-39682 - tls: fix handling of zero-length records on the...

PT-2025-51695

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw within the MPTCP implementation. Specifically, the rcv mss was not initialized before being used in the tcp send active reset function within mptcp do...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

kernel: ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

SUSE-SU-2025:21064-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by...