23 matches found
EUVD-2026-38986
In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: vhost: moved the bound check for vdpa group to vhostvdpa. Duplications have been removed by consolidating them here. This reduces the possibility that a parent driver may miss them. Additionally, we’ve fixed a bug in vdpasim,...
CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
SUSE CVE-2023-54291
In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...
PT-2025-52988
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the vdpa Virtual Data Path Acceleration component. The vdpa nl policy structure, used for validating attributes during network message nlmsg...
CVE-2023-53543
Technical details for CVE-2023-53543 are not publicly provided in the supplied documents; monitor SUSE/kernel advisories for updates.
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointe...
EUVD-2025-25573
Malicious code in bioql PyPI...
CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
UBUNTU-CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from vdpa/mlx5 not handling error paths correctly when freeing uninitialized resources...
SUSE CVE-2022-50058
In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...
DEBIAN-CVE-2022-50058
In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...
kernel: vdpa/mlx5: Fix invalid mr resource destroy
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5vdpadevadd can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5vdpadestroymrresources ...
The vulnerability of the vduse_vdpa_get_config() function in the vDPA driver of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the vdusevdpagetconfig function in the vDPA driver, located in the drivers/vdpa/vdpauser/vdusedev.c file of the Linux kernel, involves reading memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to cause a service failure...
UBUNTU-CVE-2024-53126
In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnetopenpfbar and snetopenvfbar a string later passed to pcimiomapregions is placed on the stack. Neither pcimiomapregions nor the functions it calls copy that string. Should the string...
The vulnerability of the vdpa/mlx5 component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the vdpa/mlx5 component in the Linux operating system is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to cause a service failure...
SUSE CVE-2022-48861
In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vpvdparemove When vpvdpa driver is unbind, vpvdpa is freed in vdpaunregisterdevice and then vpvdpa-mdev.pcidev is dereferenced in vpmodernremove, triggering use-after-free. Call Trace of unbinding driv...
SUSE CVE-2021-47554
In the Linux kernel, the following vulnerability has been resolved: vdpasim: avoid putting an uninitialized iovadomain The system will crash if we put an uninitialized iovadomain, this could happen when an error occurs before initializing the iovadomain in vdpasimcreate. BUG: kernel NULL pointer...
AZL-56247 CVE-2022-48706 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvfmgmtdev leaks memory if it is not freed before returning. Call is made to correct return statement so memory does not leak. ifcvfinithw does not take care of this so it is...