VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-40242Dec 4, 2025
    affected >= 5.15.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may stil

  • CVE-2025-40241Dec 4, 2025
    affected >= 6.15.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The

  • CVE-2025-40240Dec 4, 2025
    affected >= 4.8.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che

  • CVE-2025-40239Dec 4, 2025
    affected >= 6.10.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared->phydev for LAN8814 Currently, during the LAN8814 PTP probe shared->phydev is only set if PTP clock gets actually set, otherwise the function will return before setting it.

  • CVE-2025-40238Dec 4, 2025
    affected >= 6.7.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5e_detach_netdev() we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those b

  • CVE-2025-40237Dec 4, 2025
    affected < 6.6.73fixed 6.6.73

    In the Linux kernel, the following vulnerability has been resolved: fs/notify: call exportfs_encode_fid with s_umount Calling intotify_show_fdinfo() on fd watching an overlayfs inode, while the overlayfs is being unmounted, can lead to dereferencing NULL ptr. This issue was fo

  • CVE-2025-40236Dec 4, 2025
    affected >= 6.17.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but forget to zero unused rxhash fields. This may leak information to anot

  • CVE-2025-40235Dec 4, 2025
    affected >= 6.8.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol(), then no need to call btrfs_free_

  • CVE-2025-40234Dec 4, 2025
    affected >= 6.16.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize `awcc`. Add a check before dereferencing it in sleep handlers.

  • CVE-2025-40233Dec 4, 2025
    affected >= 3.0.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This trigg

  • CVE-2025-40232Dec 4, 2025
    affected >= 6.17.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as str

  • CVE-2025-40231Dec 4, 2025
    affected < 5.10.246fixed 5.10.246

    In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduc

  • CVE-2025-40230Dec 4, 2025
    affected >= 6.12.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: mm: prevent poison consumption when splitting THP When performing memory error injection on a THP (Transparent Huge Page) mapped to userspace on an x86 server, the kernel panics with the following trace. The e

  • CVE-2025-40229Dec 4, 2025
    affected >= 6.15.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Currently, damon_destroy_scheme() only cleans up the filter list but leaves ops_filter untouched, which could lead to memo

  • CVE-2025-40228Dec 4, 2025
    affected >= 6.15.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx [de]allocation". DAMON sysfs interface dynamically allocates and uses a damon_ctx object for testing

  • CVE-2025-40227Dec 4, 2025
    affected >= 6.15.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc commit test ctx always The damon_ctx for testing online DAMON parameters commit inputs is deallocated only when the test fails. This means memory is leaked for every successful online D

  • CVE-2025-40226Dec 4, 2025
    affected < 6.6.115fixed 6.6.115

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fa

  • CVE-2025-40225Dec 4, 2025
    affected >= 6.10.0, < 6.12.56fixed 6.12.56

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region (aka drm_gpuva). The VM_BIND

  • CVE-2025-40224Dec 4, 2025
    affected >= 6.15.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but did not check if the allocation succeeded. In case of memory allocation fail

  • CVE-2025-40223Dec 4, 2025
    affected >= 5.9.0, < 5.10.246fixed 5.10.246

    In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the l

Page 72 of 88