3211 matches found

Ubuntu
added 2025/11/19 5:17 p.m., 4 views

USN-7874-1: Linux kernel vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVSS 7.8, AI score 7.5, EPSS 0.01345
Exploits: 8
OSV
added 2025/11/19 5:17 p.m., 7 views

USN-7874-1 linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVSS 7.8, AI score 6.9, EPSS 0.01345
Exploits: 8, References: 9
OSV
added 2025/11/19 1:12 p.m., 1 views

SUSE-SU-2025:4139-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value bsc1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() bsc124985...

CVSS 7.8, AI score 6.4, EPSS 0.21314
Exploits: 0, References: 366
SUSE Linux
added 2025/11/18 5:31 p.m., 7 views

Security update for the Linux Kernel

The SUSE Linux Enterprise FIXME kernel was updated to fix various security issues. The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value bsc1249859. CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() bsc1249857...

CVSS 8.8, AI score 7.7, EPSS 0.21314
Exploits: 0, References: 192
Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56576)

media: i2c: tc358743: crash in the probe error path when using polling. If an error occurs in the probe function, the polling timer that was alarmed earlier should be removed, otherwise the timer is called with arguments that are already freed, which results in a crash. This plugin only works wit...

CVSS 4.7, AI score 6.7, EPSS 0.00172
Exploits: 0, References: 4
RedhatCVE
added 2025/11/13 4:44 p.m., 6 views

CVE-2025-40163

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline. IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219...

AI score 5.5, EPSS 0.00161
Exploits: 0, References: 4
Ubuntu
added 2025/11/13 2:33 p.m., 8 views

USN-7861-3: Linux kernel vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVSS 7.8, AI score 7.4, EPSS 0.01345
Exploits: 8
OSV
added 2025/11/13 2:33 p.m., 6 views

USN-7861-3 linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVSS 7.8, AI score 6.7, EPSS 0.01345
Exploits: 8, References: 5
NVD
added 2025/11/12 11:15 a.m., 4 views

CVE-2025-40142

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT. snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts via spin_lock_irq(). This also implicitly disables the handling of softirqs such as TIMER_SOFTIRQ. ...

EPSS 0.00172
Exploits: 0, References: 3
Cvelist
added 2025/11/12 10:26 a.m., 8 views

CVE-2025-40163 sched/deadline: Stop dl_server before CPU goes offline

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline. IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219...

EPSS 0.00161
Exploits: 0, References: 3
Cvelist
added 2025/11/12 10:23 a.m., 5 views

CVE-2025-40142 ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT. snd_pcm_group_lock_irq() acquires a spinlock_t and disables interrupts via spin_lock_irq(). This also implicitly disables the handling of softirqs such as TIMER_SOFTIRQ. ...

EPSS 0.00172
Exploits: 0, References: 3
RedhatCVE
added 2025/11/12 3:46 a.m., 16 views

CVE-2025-12668

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 5.1, EPSS 0.00189
Exploits: 0, References: 1
Tenable Nessus
added 2025/11/12 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990865)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990865 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed. This avoids warning: 0.11805...

CVSS 5.5, AI score 6.2, EPSS 0.00234
Exploits: 0, References: 3
Tenable Nessus
added 2025/11/12 12:0 a.m., 9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990751 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time. Currently ALSA timer doesn't have the lower limit...

CVSS 5.5, AI score 6.1, EPSS 0.00642
Exploits: 0, References: 4
RedHat Linux
added 2025/11/11 9:13 a.m., 1 views

kernel: smc: Fix use-after-free in tcp_write_timer_handler()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel socket in smc_create(), the kernel...

AI score 5.7, EPSS 0.00155
Exploits: 0, References: 5
RedHat Linux
added 2025/11/11 9:13 a.m., 2 views

kernel: can: isotp: split tx timer into transmission and timeout

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout. The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frame...

CVSS 5.5, AI score 5.7, EPSS 0.00184
Exploits: 0, References: 5
RedHat Linux
added 2025/11/11 9:13 a.m., 3 views

kernel: Linux kernel: Denial of Service due to NULL pointer dereference in iSCSI target NOPIN timer handling

A flaw was found in the Linux kernel. The iSCSI (Internet Small Computer System Interface) target subsystem, which manages network-based storage connections, contains a vulnerability where a NOPIN response timer can improperly expire and restart on a deleted connection. This can lead to a NULL...

CVSS 5.5, AI score 5.8, EPSS 0.00159
Exploits: 0, References: 5
RedHat Linux
added 2025/11/11 9:13 a.m., 2 views

kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

A vulnerability was found in the Linux kernel's RTC driver in the rtc_timer_do_work() function, where the __rtc_read_time call may fail. This issue results in uninitialized data in the rtc_time struct. It can lead to the generation of extremely large values, causing periodic timer failures and potentially...

CVSS 5.5, AI score 7.2, EPSS 0.00227
Exploits: 0, References: 5
EUVD
added 2025/11/11 6:30 a.m., 3 views

EUVD-2025-60934

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 4.7, EPSS 0.00189
Exploits: 0, References: 4
NVD
added 2025/11/11 4:15 a.m., 7 views

CVE-2025-12668

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00189
Exploits: 0, References: 3