62 matches found
SUSE CVE-2026-46182
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct paprhvpipehdr contains reserved paddi...
CVE-2026-46139
In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...
PT-2026-44305
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel stack memory leak occurs in the pseries/papr-hvpipe component. The hdr variable is allocated on the stack, but only hdr.version and hdr.flags are explicitly initialized. Since t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007597)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007597 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...
CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481
SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...
CVE-2026-22978
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iwpoint struct iwpoint has a 32bit hole on 64bit arches. struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / number of fields or size in bytes / u16 flags;...
drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
...
SUSE CVE-2025-71130
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...
CVE-2025-71130 drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...
CVE-2025-71130 drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915gemdoexecbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb-vmai.vma pointers to NULL, simplifying...
CVE-2025-68727
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by getname Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN...
CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
CVE-2025-40035
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...
CVE-2025-40035
CVE-2025-40035 (Linux kernel) affects the input subsystem (uinput). The vulnerability arises from how struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, creating a padding hole after ff_replay. If the structure is not cleared before copy_to_user, stack data may be leaked to...
EUVD-2024-44804
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-38613
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpibboardinfoioctl is showing up as initialized data on the stack frame being copyied back to userspace in function...
CVE-2025-38579
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extentinfo usage KMSAN reported a use of uninitialized value in isextentmergeable and isbackmergeable via the read extent tree path. The root cause is that getreadextentinfo only initializes three...
Security update for kernel-livepatch-MICRO-6-0_Update_3
This update for kernel-livepatch-MICRO-6-0Update3 fixes the following issues: CVE-2024-57882: Fixed mptcp: fix TCP options overflow. bsc1235916 CVE-2024-56648: Fixed net: hsr: avoid potential out-of-bound access in fillframeinfo bsc1235452 CVE-2024-50302: Fixed HID: core: zero-initialize the repo...
LSN-0111-1 Kernel Live Patch Security Notice
It was discovered that the watchqueue event notification system contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or escalate their privileges.CVE-2022-0995 In the Linux kernel, the following vulnerability has been resolved: smb: client:...
Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122201 fixes several issues. The following security issues were fixed: CVE-2024-46818: drm/amd/display: Check gpioid before used as array index bsc1231204. CVE-2024-50302: HID: core: zero-initialize the report buffer bsc1233679. CVE-2022-48792: scsi: pm800...