SUSE CVE-2025-37750

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...

DEBIAN-CVE-2022-49852

In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage threadstruct's s12 may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s12 array in threadstruct when fork. A...

AZL-69737 CVE-2025-37750 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 "smb: client: allocate crypto only for primary server" and commit b0abcd65ec54 "smb: client: fix UAF in async decryption", the channels started reusin...

SUSE CVE-2025-22024

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...

DEBIAN-CVE-2025-22009

In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobjectget with the following call stack: anatopregulatorprobe devmregulatorregister regulatorregister regulatorresolvesupply...

CVE-2025-21436

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads...

CVE-2025-21436

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56670)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56670 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Fix the issue that...

net: rose: fix timer races against user threads

...

Linux Distros Unpatched Vulnerability : CVE-2024-38667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: prevent ptregs corruption for secondary idle threads Top of the kernel thread stack should be reserved for ptregs. However this is not the case for the...

MAL-2025-1633 Malicious code in threads_api_sample (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdb5d2ffbf67e52e43a62054fde29f4de7d6c5b68dd8fb80a42606e42170325f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2025-21718

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...

UBUNTU-CVE-2025-21749

In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rosebind syzbot reported a soft lockup in roseloopbacktimer, with a repro calling bind from multiple threads. rosebind must lock the socket to avoid this issue...

SUSE CVE-2022-49124

In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...

CVE-2025-21749

In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rosebind syzbot reported a soft lockup in roseloopbacktimer, with a repro calling bind from multiple threads. rosebind must lock the socket to avoid this issue...

DEBIAN-CVE-2022-49264

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

UBUNTU-CVE-2022-49647

In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading csssets for migration Each cset cssset is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to...

DEBIAN-CVE-2022-49097

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

UBUNTU-CVE-2022-49097

In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempoolalloc In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempoolalloc...

CVE-2022-49264

CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...