Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during requeue-...

Linux Distros Unpatched Vulnerability : CVE-2025-40236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-net: zero unused hash fields When GSO tunnel is negotiated virtionethdrtnlfromskb tries to initialize the tunnel metadata but forget to zero unused rxhas...

CVE-2025-38551

A flaw was found in the Linux kernel’s virtio-net driver, where a recursive rtnllock could be triggered during device probing. The deadlock occurs when a VIRTIONETSANNOUNCE request is received from the VMM while the driver is still in the probe stage. In this scenario, the configwork scheduled by...

Linux Distros Unpatched Vulnerability : CVE-2025-38375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-net: ensure the received length does not exceed allocated size In xdplinearizepage, when reading the following buffers from the ring, we forget to check...

CVE-2025-38375

CVE-2025-38375: In the Linux kernel, virtio-net could trigger an out-of-bounds read due to not validating the received length against the allocated size when reading buffers from the ring in xdp_linearize_page. The fix adds the missing length check. Affected entries in Debian/Amazon/RH advisories...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_3

This update for kernel-livepatch-MICRO-6-0-RTUpdate3 fixes the following issues: CVE-2024-53237: Fixed bluetooth: fix use-after-free in deviceforeachchild bsc1235008 CVE-2024-53082: Fixed virtionet: Add hashkeylength check bsc1233677 CVE-2024-8805: Fixed BlueZ HID over GATT Profile Improper Acces...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2025-1088)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: net: missing check virtio

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

The vulnerability of the virtio-net component of the QEMU hardware emulation software allows a attacker to induce a service failure.

The vulnerability of the virtio-net device emulation component in QEMU is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a system failure...

UBUNTU-CVE-2021-47367

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use buildskb if we had sufficient tailroom. But we forget to release the unused pages chained via private in big mode which will leak pages. Fixing this by...

USN-2182-1 qemu, qemu-kvm vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. CVE-2013-4544 Michael S. Tsirkin...