SUSE CVE-2025-37771

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

DEBIAN-CVE-2022-49907

In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for mdiobusregister Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds ...

DEBIAN-CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

UBUNTU-CVE-2022-49789

In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcpfsfreqsend' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and w...

UBUNTU-CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

UBUNTU-CVE-2022-49907

In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for mdiobusregister Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds ...

DEBIAN-CVE-2025-37769

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE. cherry picked from...

DEBIAN-CVE-2025-37767

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

UBUNTU-CVE-2025-37770

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

UBUNTU-CVE-2025-37767

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

UBUNTU-CVE-2025-37766

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...

CVE-2022-49885 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

Security update for freetype2

This update for freetype2 fixes the following issues: Update to 2.13.2: Some fields in the FTOutline structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. Rare double-free crashes in the...

SUSE CVE-2025-22122

In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio 4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bioaddfolionofail and IO failure. Fix it by...

SUSE CVE-2025-22091

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix pagesize variable overflow Change all variables storing mlx5umemmkcfindbestpgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...

SUSE CVE-2025-22039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...

CVE-2025-22091

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix pagesize variable overflow Change all variables storing mlx5umemmkcfindbestpgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...

DEBIAN-CVE-2025-22091

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix pagesize variable overflow Change all variables storing mlx5umemmkcfindbestpgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...

UBUNTU-CVE-2025-22091

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix pagesize variable overflow Change all variables storing mlx5umemmkcfindbestpgsz result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to register 4GB of memory that is...

DEBIAN-CVE-2025-22039

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...