VYPR

linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

  • CVE-2025-40139Nov 12, 2025
    affected >= 4.11.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_ge

  • CVE-2025-40138Nov 12, 2025
    affected >= 6.17.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() syzbot reported a f2fs bug as below: Oops: gen[ 107.736417][ T5848] Oops: general protection fault, probably for non-canonical add

  • CVE-2025-40137Nov 12, 2025
    affected >= 3.19.0, < 6.6.112fixed 6.6.112

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fs_truncate() syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) block

  • CVE-2025-40136Nov 12, 2025
    affected >= 6.1.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - request reserved interrupt for virtual function The device interrupt vector 3 is an error interrupt for physical function and a reserved interrupt for virtual function. However, the drive

  • CVE-2025-40135Nov 12, 2025
    affected >= 4.13.0, < 6.1.167fixed 6.1.167

    In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.

  • CVE-2025-40134Nov 12, 2025
    affected >= 5.0.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before t

  • CVE-2025-40133Nov 12, 2025
    affected >= 6.12.0, < 6.12.55fixed 6.12.55

    In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. U

  • CVE-2025-40132Nov 12, 2025
    affected >= 6.10.0, < 6.12.53fixed 6.12.53

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback In create_sdw_dailink() check that sof_end->codec_info->add_sidecar is not NULL before calling it. The original code assumed that if include_side

  • CVE-2025-40131Nov 12, 2025
    affected >= 6.16.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode,

  • CVE-2025-40130Nov 12, 2025
    affected >= 6.9.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safe

  • CVE-2025-40129Nov 12, 2025
    affected >= 6.3.0, < 6.6.112fixed 6.6.112

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data

  • CVE-2025-40127Nov 12, 2025
    affected >= 5.5.0, < 5.10.246fixed 5.10.246

    In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer,

  • CVE-2025-40126Nov 12, 2025
    affected >= 4.9.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handle

  • CVE-2025-40125Nov 12, 2025
    affected >= 4.20.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx fail

  • CVE-2025-40124Nov 12, 2025
    affected >= 4.9.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning imposs

  • CVE-2025-40123Nov 12, 2025
    affected >= 4.17.0, < 6.1.156fixed 6.1.156

    In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Li

  • CVE-2025-40122Nov 12, 2025
    affected >= 6.16.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error When running perf_fuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32_PMC_x_CFG_B MSRs. [ 55.611268] unchecked

  • CVE-2025-40121Nov 12, 2025
    affected >= 4.18.0, < 5.4.301fixed 5.4.301

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results lik

  • CVE-2025-40120Nov 12, 2025
    affected >= 5.14.0, < 5.15.195fixed 5.15.195

    In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_dri

  • CVE-2025-40119Nov 12, 2025
    affected >= 6.17.0, < 6.17.3fixed 6.17.3

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache alloca

Page 77 of 88