VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-71105Jan 14, 2026
    affected >= 5.7.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: f2fs: use global inline_xattr_slab instead of per-sb slab cache As Hong Yun reported in mailing list: loop7: detected capacity change from 0 to 131072 ------------[ cut here ]------------ kmem_cache of name 'f

  • CVE-2025-71104Jan 14, 2026
    affected >= 4.17.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expirat

  • CVE-2025-71103Jan 14, 2026
    affected >= 6.18.0, < 6.18.3fixed 6.18.3

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: adreno: fix deferencing ifpc_reglist when not declared On plaforms with an a7xx GPU not supporting IFPC, the ifpc_reglist if still deferenced in a7xx_patch_pwrup_reglist() which causes a kernel crash:

  • CVE-2025-71102Jan 14, 2026
    affected >= 5.8.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given. 'task_scs(tsk)' is the starting address of the task's shadow call stack, and '__scs_mag

  • CVE-2025-71070Jan 13, 2026
    affected >= 6.15.0, < 6.18.3fixed 6.18.3

    In the Linux kernel, the following vulnerability has been resolved: ublk: clean up user copy references on ublk server exit If a ublk server process releases a ublk char device file, any requests dispatched to the ublk server but not yet completed will retain a ref value of UBL

  • CVE-2025-71069Jan 13, 2026
    affected >= 4.2.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAX_DIR_HASH_DEPTH. When RENAME_WHITEOUT operations are per

  • CVE-2025-71068HigJan 13, 2026
    affected >= 5.11.0, < 5.15.198fixed 5.15.198

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array. Add guards before the first

  • CVE-2025-71067Jan 13, 2026
    affected >= 5.15.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: ntfs: set dummy blocksize to read boot_block when mounting When mounting, sb->s_blocksize is used to read the boot_block without being defined or validated. Set a dummy blocksize before attempting to read the b

  • CVE-2025-71066HigJan 13, 2026
    affected < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch

  • CVE-2025-71065Jan 13, 2026
    affected >= 6.1.0, < 6.6.120fixed 6.6.120

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock As Jiaming Zhang and syzbot reported, there is potential deadlock in f2fs as below: Chain exists of: &sbi->cp_rwsem --> fs_reclaim --> sb_internal#2 Possible unsafe lo

  • CVE-2025-71064Jan 13, 2026
    affected >= 4.16.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set

  • CVE-2025-68822Jan 13, 2026
    affected >= 4.0.0, < 6.12.64fixed 6.12.64

    In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3_register_work The dev3_register_work delayed work item is initialized within alps_reconnect() and scheduled upon receipt of the first bare PS/2 packet from a

  • CVE-2025-68821Jan 13, 2026
    affected < 5.15.198fixed 5.15.198

    In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 ("fuse: allocate ff->release_args only if release is needed") skips allocating ff->release_args if the server does not implement open. However in doing s

  • CVE-2025-68820Jan 13, 2026
    affected < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checki

  • CVE-2025-68819Jan 13, 2026
    affected >= 2.6.28, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger

  • CVE-2025-68818Jan 13, 2026
    affected < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to __qla2x00_abort_all_cmds()

  • CVE-2025-68816Jan 13, 2026
    affected >= 4.19.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings

  • CVE-2025-68815Jan 13, 2026
    affected < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether

  • CVE-2025-68814Jan 13, 2026
    affected >= 5.15.0, < 5.15.198fixed 5.15.198

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in __io_openat_prep() __io_openat_prep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as havin

  • CVE-2025-68813Jan 13, 2026
    affected >= 5.1.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_

Page 16 of 88