VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-68328Dec 22, 2025
    affected >= 5.4.0, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmo

  • CVE-2025-68327Dec 22, 2025
    affected >= 3.0.0, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f

  • CVE-2025-68326Dec 22, 2025
    affected >= 6.17.0, < 6.17.11fixed 6.17.11

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stack_depot usage Add missing stack_depot_init() call when CONFIG_DRM_XE_DEBUG_GUC is enabled to fix the following call stack: [] BUG: kernel NULL pointer dereference, address: 000000000000000

  • CVE-2025-68325Dec 18, 2025
    affected < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that

  • CVE-2025-68324Dec 18, 2025
    affected >= 2.6.12, < 6.12.63fixed 6.12.63

    In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'imm_tq' is initialized in imm_attach() and scheduled via imm_queuecommand() for processing SCSI commands. When the IMM

  • CVE-2025-68323Dec 18, 2025
    affected >= 6.16.0, < 6.17.13fixed 6.17.13

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: fix use-after-free caused by uec->work The delayed work uec->work is scheduled in gaokun_ucsi_probe() but never properly canceled in gaokun_ucsi_remove(). This creates use-after-free scenarios

  • CVE-2025-68322Dec 16, 2025
    affected >= 4.19.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once

  • CVE-2025-68321Dec 16, 2025
    affected >= 4.18.0, < 5.15.197fixed 5.15.197

    In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty m

  • CVE-2025-68320Dec 16, 2025
    affected >= 5.17.0, < 6.6.117fixed 6.6.117

    In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic

  • CVE-2025-68319Dec 16, 2025
    affected >= 6.9.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata items through configfs.

  • CVE-2025-68318Dec 16, 2025
    affected >= 6.11.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set al

  • CVE-2025-68317Dec 16, 2025
    affected >= 6.10.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: io_uring/zctx: check chained notif contexts Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion

  • CVE-2025-68316Dec 16, 2025
    affected >= 6.13.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure during driv

  • CVE-2025-68315Dec 16, 2025
    affected >= 3.8.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fs_alloc_nid() to detect any potential corru

  • CVE-2025-68314Dec 16, 2025
    affected >= 6.17.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: make sure last_fence is always updated Update last_fence in the vm-bind path instead of kernel managed path. last_fence is used to wait for work to finish in vm_bind contexts but not used for kernel m

  • CVE-2025-68313Dec 16, 2025
    affected >= 6.8.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly

  • CVE-2025-68312Dec 16, 2025
    affected < 5.4.302fixed 5.4.302

    In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has

  • CVE-2025-68311Dec 16, 2025
    affected >= 6.5.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: ip22zilog: Use platform device for probing After commit 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM") serial drivers need to provide a device in struct uart_

  • CVE-2025-68310Dec 16, 2025
    affected >= 5.16.0, < 6.1.159fixed 6.1.159

    In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pci_cfg_access_lock() when executing the s390 variant of PCI error recovery: Acquire just device_lock

  • CVE-2025-68309Dec 16, 2025
    affected >= 6.16.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aer_info The kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info->xxx will result in kernel panic. Fix it.

Page 50 of 88