Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath10k: avoiding NULL pointer errors during sdio removal When running ‘rmmod ath10k’, ath10ksdioremove will free the sdioworkqueue by calling destroyworkqueue. However, if CONFIGINITONFREEDEFAULTON is set to yes, a kernel...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a slab-use-after-free issue in hdcpwork Why A slab-use-after-free issue was reported when HDCP was destroyed, but the propertyvalidatedwork queue was still running. How The delayed work was canceled when th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal The devicedel function can cause new work to be scheduled in the gadget-workqueue. This issue is observed, for example, with the dwc3 driver, as follows: c devicedel...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should only be released after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated...

PT-2025-30774

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The OP-TEE driver registers the notif callback function for FF-A notifications. This function is called in an atomic context, which can lead to errors when processing asynchronous...

DEBIAN-CVE-2025-37994

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsidisplayportwork workqueue to finish executing before proceeding with the partner removal...

USN-7513-5 linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

CVE-2025-37895

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix error handling path in bnxtinitchip WARNON is triggered in flushwork if bnxtinitchip fails because we call cancelworksync on dim work that has not been initialized. WARNING: CPU: 37 PID: 5223 at kernel/workqueue.c:420...

USN-7522-1 linux-azure-nvidia vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

USN-7513-3 linux-azure, linux-azure-6.8, linux-oem-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

USN-7513-2 linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

Ubuntu 24.04 LTS : Linux kernel (GKE) vulnerabilities (USN-7515-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7515-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

kernel: Bluetooth: hci_core: Fix sleeping function called from invalid context

REJECTED CVE A vulnerability was identified in the Linux kernel's Bluetooth: hcicore package, where a sleeping function mutexlock was improperly invoked from an invalid context within the HCI event handling workqueue, potentially leading to kernel warnings or deadlocks. An attacker exploiting thi...

kernel: smb: During unmount, ensure all cached dir instances drop their dentry

In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process cifskillsb calling closeallcacheddirs can race with various cached directory operations, which ultimately results in dentries not being...

kernel: kthread: unpark only parked kthread

In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread Calling into kthread unparking unconditionally is mostly harmless when the kthread is already unparked. The wake up is then simply ignored because the target is not in TASKPARKED state. However...

kernel: workqueue: Improve scalability of workqueue watchdog touch

No description is available for this CVE...

SUSE CVE-2025-37884

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcutaskstrace and eventmutex. Fix the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perftraceeventunreg synchronizercutaskstrace There are several paths where freeevent grabs...

DEBIAN-CVE-2025-37884

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcutaskstrace and eventmutex. Fix the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perftraceeventunreg synchronizercutaskstrace There are several paths where freeevent grabs...

UBUNTU-CVE-2025-37884

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcutaskstrace and eventmutex. Fix the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perftraceeventunreg synchronizercutaskstrace There are several paths where freeevent grabs...

SUSE CVE-2022-49805

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: Fix potential null-ptr-deref in lan966xstatsinit lan966xstatsinit calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: lan966xstatsinit...