VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2025-40046Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix overshooting recv limit It's reported that sometimes a zcrx request can receive more than was requested. It's caused by io_zcrx_recv_skb() adjusting desc->count for all received buffers inclu

  • CVE-2025-40045Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHL_COMP and HPHR_COMP as zero, this can potentially result in a memory corruption due to a

  • CVE-2025-40044Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images m

  • CVE-2025-40043Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 ("Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16

  • CVE-2025-40042Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. [11

  • CVE-2025-40041Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Oops[#1]: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58,

  • CVE-2025-40038Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM mus

  • CVE-2025-40037Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefb_detach_genpds() The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info by framebuffer_alloc(). Th

  • CVE-2025-40036Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix possible map leak in fastrpc_put_args copy_to_user() failure would cause an early return without cleaning up the fdlist, which has been updated by the DSP. This could lead to map leak. Fix th

  • CVE-2025-40035Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Struct ff_effect_compat is embedded twice inside uinput_ff_upload_compat, contains internal padding. In particular, there is a hole aft

  • CVE-2025-40034Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn'

  • CVE-2025-40033Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() pru_rproc_set_ctable() accessed rproc->priv before the IS_ERR_OR_NULL check, which could lead to a null pointer dereference. Mov

  • CVE-2025-40032Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release The fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be NULL even after EPF initialization. Then it is prudent to che

  • CVE-2025-40031Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only got some pages and return a

  • CVE-2025-40030Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() callback from struct pinmux

  • CVE-2025-40029Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: Check return value of platform_get_resource() platform_get_resource() returns NULL in case of failure, so check its return value and propagate the error in order to prevent NULL pointer dereference

  • CVE-2025-40082Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290

  • CVE-2025-40040Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067!

  • CVE-2025-40039Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpc_lock' (an rw_sema

  • CVE-2025-40028Oct 28, 2025
    affected < 6.17.7-1.1fixed 6.17.7-1.1

    In the Linux kernel, the following vulnerability has been resolved: binder: fix double-free in dbitmap A process might fail to allocate a new bitmap when trying to expand its proc->dmap. In that case, dbitmap_grow() fails and frees the old bitmap via dbitmap_free(). However, th

Page 32 of 72