VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-40222Dec 4, 2025
    affected >= 6.17.0, < 6.17.6fixed 6.17.6

    In the Linux kernel, the following vulnerability has been resolved: tty: serial: sh-sci: fix RSCI FIFO overrun handling The receive error handling code is shared between RSCI and all other SCIF port types, but the RSCI overrun_reg is specified as a memory offset, while for othe

  • CVE-2025-40221Dec 4, 2025
    affected >= 6.7.0, < 6.12.54fixed 6.12.54

    In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the `scan` structure is zeroed before use.

  • CVE-2025-40220Dec 4, 2025
    affected >= 2.6.38, < 5.10.246fixed 5.10.246

    In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor

  • CVE-2025-40219Dec 4, 2025
    affected >= 5.0.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_

  • CVE-2025-40218Dec 4, 2025
    affected >= 6.5.0, < 6.6.113fixed 6.6.113

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table walk callback function. Th

  • CVE-2025-40217Dec 4, 2025
    affected >= 6.11.0, < 6.17.4fixed 6.17.4

    In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now.

  • CVE-2025-40216Dec 4, 2025
    affected >= 6.12.0, < 6.12.36fixed 6.12.36

    In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mas

  • CVE-2025-40215Dec 4, 2025
    affected >= 2.6.29, < 5.10.248fixed 5.10.248

    In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a

  • CVE-2025-40214Dec 4, 2025
    affected < 6.1.159fixed 6.1.159

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages

  • CVE-2025-40213Nov 24, 2025
    affected >= 6.17.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array. Another crash is in set_

  • CVE-2025-40212Nov 24, 2025
    affected >= 6.12.0, < 6.12.59fixed 6.12.59

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry() nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3

  • CVE-2025-40211Nov 21, 2025
    affected >= 3.17.0, < 5.4.302fixed 5.4.302

    In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during

  • CVE-2025-40210Nov 21, 2025
    affected >= 6.17.0, < 6.17.8fixed 6.17.8

    In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug int

  • CVE-2025-40209Nov 21, 2025
    affected >= 6.11.0, < 6.12.58fixed 6.12.58

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the p

  • CVE-2025-40208Nov 12, 2025
    affected >= 6.15.0, < 6.17.4fixed 6.17.4

    In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33_p4.mbn failed with error -2 qcom-iris aa

  • CVE-2025-40207Nov 12, 2025
    affected >= 6.0.0, < 6.1.157fixed 6.1.157

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does not check the returned value. I

  • CVE-2025-40206Nov 12, 2025
    affected >= 5.4.0, < 6.6.113fixed 6.6.113

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit

  • CVE-2025-40205Nov 12, 2025
    affected >= 2.6.29, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only retu

  • CVE-2025-40204Nov 12, 2025
    affected >= 2.6.12, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2025-40203Nov 12, 2025
    affected >= 6.8.0, < 6.12.54fixed 6.12.54

    In the Linux kernel, the following vulnerability has been resolved: listmount: don't call path_put() under namespace semaphore Massage listmount() and make sure we don't call path_put() under the namespace semaphore. If we put the last reference we're fscked.

Page 73 of 88