Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Softwarenodegetreferenceargs: A OOB check was corrected. Softwarenodegetreferenceargs attempts to retrieve the @index-th element. The property value requires at least index + 1 sizeofref bytes. However, this condition cannot be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fixed the double-free of fwnode in i2cunregisterdevice. Before committing the change df6d7277e552 “i2c: core: Do not dereference fwnode in struct device”, i2cunregisterdevice only called fwnodehandleput on ofnode-s by...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005678)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005678 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005463 advisory. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38342)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38342 advisory. - In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in...

CLSA-2026-1768663754 kernel: Fix of 38 CVEs

ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 CVE-2025-38249 - drm/i915/gt: Fix timeline left held on VMA alloc error CVE-2025-38389 - md/raid1: Fix stack memory use after return in raid1reshape CVE-2025-38445 - atm: clip: Fix infinite recursive call of clippush...

EUVD-2025-20904

Malicious code in bioql PyPI...

EUVD-2025-26787

Malicious code in bioql PyPI...

SUSE CVE-2025-38682

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2cunregisterdevice Before commit df6d7277e552 "i2c: core: Do not dereference fwnode in struct device", i2cunregisterdevice only called fwnodehandleput on ofnode-s in the form of calling...

CVE-2025-38682

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2cunregisterdevice Before commit df6d7277e552 "i2c: core: Do not dereference fwnode in struct device", i2cunregisterdevice only called fwnodehandleput on ofnode-s in the form of calling...

UBUNTU-CVE-2025-38682

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2cunregisterdevice Before commit df6d7277e552 "i2c: core: Do not dereference fwnode in struct device", i2cunregisterdevice only called fwnodehandleput on ofnode-s in the form of calling...

CVE-2025-38682 i2c: core: Fix double-free of fwnode in i2c_unregister_device()

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2cunregisterdevice Before commit df6d7277e552 "i2c: core: Do not dereference fwnode in struct device", i2cunregisterdevice only called fwnodehandleput on ofnode-s in the form of calling...

CVE-2025-38682

The CVE-2025-38682 entry details a Linux kernel vulnerability in i2c core: i2c_unregister_device() could double-free a fwnode when the i2c_client has a software-node as its primary fwnode. The root cause was unconditional fwnode_handle_put() on the i2c_client, which, if a software fwnode is prima...

CVE-2025-38682 i2c: core: Fix double-free of fwnode in i2c_unregister_device()

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2cunregisterdevice Before commit df6d7277e552 "i2c: core: Do not dereference fwnode in struct device", i2cunregisterdevice only called fwnodehandleput on ofnode-s in the form of calling...

PT-2025-35955

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A double-free vulnerability exists in the i2c core, specifically within the i2c unregister device function. This issue occurs when an i2c client has a software fwnode as its primary...

UBUNTU-CVE-2025-38573

In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream...

Linux Distros Unpatched Vulnerability : CVE-2025-38342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs wants to get @index-th element, so the property value requires a...

software node: Correct a OOB check in software_node_get_reference_args()

...

The vulnerability of the software_node_get_reference_args() function in the Linux operating system allows a hacker to compromise the confidentiality of the protected information.

The vulnerability of the softwarenodegetreferenceargs function in the Linux operating system is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality of the protected information...

SUSE CVE-2025-38342

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs wants to get @index-th element, so the property value requires at least 'index + 1 sizeofref' bytes but that can not be guaranteed by...