VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-68288Dec 16, 2025
    affected >= 4.17.0, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the 'ioctl_sg01' test from Linux Test Project (LTP). The following bytes were mainly observed: 0x53425355. When USB st

  • CVE-2025-68287Dec 16, 2025
    affected >= 3.2.0, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(

  • CVE-2025-68286Dec 16, 2025
    affected >= 4.15.0, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing [WHAT] IGT kms_cursor_legacy's long-nonblocking-modeset-vs-cursor-atomic fails with NULL pointer dereference. This can be reproduced with both an eDP panel and a DP

  • CVE-2025-68285Dec 16, 2025
    affected >= 2.6.35, < 5.10.247fixed 5.10.247

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-68284Dec 16, 2025
    affected >= 5.11.0, < 5.15.197fixed 5.15.197

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes wh

  • CVE-2025-68283Dec 16, 2025
    affected >= 2.6.34, < 6.1.159fixed 6.1.159

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. [ idryomov: drop BUG_ON in ceph_get

  • CVE-2025-68282Dec 16, 2025
    affected >= 3.12.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: udc: fix use-after-free in usb_gadget_state_work A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN: BUG: KASAN: invalid-access

  • CVE-2025-68281Dec 16, 2025
    affected >= 6.17.0, < 6.17.12fixed 6.17.12

    In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdca_control" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdca_parse_func

  • CVE-2025-68266Dec 16, 2025
    affected >= 2.6.12, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk are corrupted or when th

  • CVE-2025-68265Dec 16, 2025
    affected >= 6.1.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin reques

  • CVE-2025-68264Dec 16, 2025
    affected >= 3.8.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline_data() use it. Although

  • CVE-2025-68263CriDec 16, 2025
    affected >= 5.15.0, < 6.1.160fixed 6.1.160

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (handle_generic_event()/han

  • CVE-2025-68262Dec 16, 2025
    affected >= 6.17.0, < 6.17.12fixed 6.17.12

    In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU con

  • CVE-2025-68261Dec 16, 2025
    affected >= 4.11.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout b

  • CVE-2025-68260Dec 16, 2025
    affected >= 6.18.0, < 6.18.1fixed 6.18.1

    In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other than its owner, so it is

  • CVE-2025-68259Dec 16, 2025
    affected >= 6.0.0, < 6.1.160fixed 6.1.160

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or (select) INTn instruction, discard the exception and retry the instruction if the co

  • CVE-2025-68258Dec 16, 2025
    affected >= 2.6.30, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3_attach() Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in t

  • CVE-2025-68257Dec 16, 2025
    affected >= 5.8.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as s

  • CVE-2025-68256Dec 16, 2025
    affected >= 4.12.0, < 6.1.160fixed 6.1.160

    In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-b

  • CVE-2025-68255Dec 16, 2025
    affected >= 4.12.0, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed

Page 52 of 88