1534 matches found
AZL-56327 CVE-2025-21672 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...
AZL-56285 CVE-2025-21672 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...
UBUNTU-CVE-2025-21672
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace1. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by...
CVE-2025-21672
CVE-2025-21672 concerns the Linux kernel, specifically the afs module, where a fix guards against a lock being left held when returning to userspace. The root cause is described as a scenario where if argc is less than 0 and a function returns directly, an inode mutex lock is not released. The pa...
CVE-2025-0662
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of...
CVE-2025-0662 Uninitialized kernel memory disclosure via ktrace(2)
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of...
CVE-2025-0662 Uninitialized kernel memory disclosure via ktrace(2)
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of...
CVE-2025-0662
CVE-2025-0662 affects FreeBSD ktrace(2): the facility can log kernel structures to userspace and, in one case, dump a variable-sized sockaddr, copying the full sockaddr even when shorter, leaking up to 14 uninitialized bytes of kernel memory from a heap allocation to userspace. The issue is explo...
FreeBSD : FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2) (2830b374-debd-11ef-87ba-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2830b374-debd-11ef-87ba-002590c1f29c advisory. In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such...
FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)
Problem Description: In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14...
CVE-2024-57911
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc and it is used to push data to user space from a triggered buffer, but it does not set values for inactive...
UBUNTU-CVE-2024-57907
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchipsaradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
UBUNTU-CVE-2024-57912
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp u32 pressure, u16...
CVE-2024-57909
CVE-2024-57909 – Linux kernel iio bh1745 information leak : The vulnerability occurs in the IIO light driver (bh1745) where the ‘scan’ local struct used to push data to userspace from a triggered buffer is not initialized for inactive channels, since the code only uses iio_for_each_active_channel...
CVE-2024-57908
CVE-2024-57908 affects the Linux kernel’s IIO KMX61 driver (iio: imu: kmx61). The vulnerability arises from using a local buffer to push data to userspace from a triggered buffer without initializing inactive channels, potentially leaking information. The documented fix is to initialize the buffe...
CVE-2024-56538
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpkms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an...
USN-7154-2 linux-hwe-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...
CVE-2024-53195
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Get rid of userspaceirqchipinuse Improper use of userspaceirqchipinuse led to syzbot hitting the following WARNON in kvmtimerupdateirq: WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/archtimer.c:459...
SUSE CVE-2024-56538
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpkms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an...
CVE-2024-56538
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpkms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an...