SUSE CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

CVE-2022-49845 can: j1939: j1939_send_one(): fix missing CAN header initialization

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sendone: fix missing CAN header initialization The read access to struct canxlframe::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct canframe...

PT-2025-28994

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential null pointer dereference issue was identified in the fpga mgr test img load sgt function. The function allocates memory for sgt using kunit kzalloc, but fails to verify if...

DEBIAN-CVE-2025-38575

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aeadrequestfree to match aeadrequestalloc Use aeadrequestfree instead of kfree to properly free memory allocated by aeadrequestalloc. This ensures sensitive crypto data is zeroed before being freed...

UBUNTU-CVE-2025-38575

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aeadrequestfree to match aeadrequestalloc Use aeadrequestfree instead of kfree to properly free memory allocated by aeadrequestalloc. This ensures sensitive crypto data is zeroed before being freed...

DEBIAN-CVE-2024-57943

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a bufferhead marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses foliozeronewbuffe...

UBUNTU-CVE-2024-57943

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a bufferhead marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses foliozeronewbuffe...

CVE-2024-57943 exfat: fix the new buffer was not zeroed before writing

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a bufferhead marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses foliozeronewbuffe...

CVE-2024-57943 exfat: fix the new buffer was not zeroed before writing

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a bufferhead marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses foliozeronewbuffe...

CVE-2024-57943

CVE-2024-57943 affects the Linux kernel exFAT path where a newly allocated buffer head could write uninitialized data from the page cache. The root cause is that buffers marked as new were not zeroed before write_end(), risking data leakage or corruption. The remediation is a kernel commit that c...

CVE-2024-57943 exfat: fix the new buffer was not zeroed before writing

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a bufferhead marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses foliozeronewbuffe...

UBUNTU-CVE-2024-57905

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample unsigned int and the timestamp. This hole is...

CVE-2024-57907 iio: adc: rockchip_saradc: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchipsaradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...

DEBIAN-CVE-2024-56769

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

AZL-55056 CVE-2024-56769 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

kernel security update

5.14.0-503.19.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

AZL-54635 CVE-2024-53097 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

UBUNTU-CVE-2024-53097

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

kernel: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct croseccommand1 when invoking EC host commands. Fix it by using zeroed memory. 1:...

kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in genradixptralloc If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated no...