3211 matches found
CLSA-2025-1761074747 kernel: Fix of 39 CVEs
nfs: fix UAF in direct writes CVE-2024-26958 - NFSD: Fix the behavior of READ near OFFSET_MAX CVE-2022-48827 - thermal: core: prevent potential string overflow CVE-2023-52868 - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 CVE-2021-47633 - RDMA/cma: Ensure rdma_addr_cancel happens before issuing...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987632)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987632 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop There is a deadlock in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987660 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios There is a deadlock in sa1100_set_termios,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987555)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987555 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987665 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer with del_timer_sync...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987636)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987636 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend There is a deadlock in oxu_bus_suspend, which is...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987575 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value Currently, when th...
WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPC Countdown Timer for WooCommerce versions <= 3.1.4...
UBUNTU-CVE-2025-40003
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work in ocelot_stats_deinit to cancel the cyclic delayed work item ocelot->stats_work. However, cancel_delayed_work may fail to canc...
CVE-2025-40003
CVE-2025-40003 : In the Linux kernel’s mscc/ocelot code, use-after-free can occur due to cyclic delayed work being canceled inadequately during deinitialization. The code in ocelot_stats_deinit() calls cancel_delayed_work(), which may fail to stop a work item if it is already executing; the delay...
SUSE CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work in xc5000_release, which does not guarantee that the delayed work item timer_sleep has fully completed if it was already running. Th...
SUSE CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_delete fails to guarantee...
media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
...
EUVD-2025-34578
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_delete fails to guarantee...
CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_delete fails to guarantee...
CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work in xc5000_release, which does not guarantee that the delayed work item timer_sleep has fully completed if it was already running. Th...
CVE-2025-39997
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
DEBIAN-CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_delete fails to guarantee...
UBUNTU-CVE-2025-39997
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
UBUNTU-CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work in xc5000_release, which does not guarantee that the delayed work item timer_sleep has fully completed if it was already running. Th...