1 week ago
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- Ublk userspace block driver;
- Virtio block driver;
- Bluetooth drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- Hardware monitoring drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Microchip PCI driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- i.MX PM domains;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- i.MX SoC drivers;
- SPI subsystem;
- UFS subsystem;
- USB Gadget drivers;
- TDX Guest driver;
- AFS file system;
- BTRFS file system;
- Ceph distributed file system;
- File systems infrastructure;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File system notification infrastructure;
- Overlay file system;
- Diskquota system;
- SMB network file system;
- DRM display driver;
- BPF subsystem;
- VLANs driver;
- KASAN memory debugging framework;
- Memory management;
- StackDepot library;
- Bluetooth subsystem;
- LAPB network protocol;
- Network namespace;
- Netfilter;
- io_uring subsystem;
- Control group (cgroup);
- DMA mapping infrastructure;
- KCSAN framework;
- Scheduler infrastructure;
- Seccomp subsystem;
- Tracing infrastructure;
- Workqueue subsystem;
- KUnit library;
- CAN network layer;
- Networking core;
- DCCP (Datagram Congestion Control Protocol);
- HSR network protocol;
- IEEE802154.4 network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- Packet sockets;
- RDS protocol;
- Network traffic control;
- SCTP protocol;
- SMC sockets;
- TIPC protocol;
- Wireless networking;
- eXpress Data Path;
- SELinux security module;
- ALSA framework;
- Intel ASoC drivers;
- SOF drivers;
(CVE-2024-56712, CVE-2024-56761, CVE-2025-21661, CVE-2024-56565,
CVE-2024-57804, CVE-2024-57887, CVE-2025-21642, CVE-2024-56779,
CVE-2025-21656, CVE-2024-57890, CVE-2024-36476, CVE-2024-57843,
CVE-2024-56594, CVE-2024-41932, CVE-2025-21653, CVE-2024-56567,
CVE-2024-56665, CVE-2024-54191, CVE-2024-57893, CVE-2024-57932,
CVE-2024-56656, CVE-2024-57945, CVE-2024-57931, CVE-2024-56599,
CVE-2024-57897, CVE-2024-57903, CVE-2024-57918, CVE-2024-57795,
CVE-2024-56662, CVE-2025-21639, CVE-2024-55881, CVE-2024-57889,
CVE-2024-57884, CVE-2024-57934, CVE-2024-39282, CVE-2024-56718,
CVE-2024-56644, CVE-2024-56760, CVE-2024-43098, CVE-2024-47143,
CVE-2024-55642, CVE-2024-56634, CVE-2024-56564, CVE-2024-56768,
CVE-2024-56649, CVE-2024-57919, CVE-2024-56620, CVE-2024-56625,
CVE-2024-56655, CVE-2024-56772, CVE-2025-21637, CVE-2024-56617,
CVE-2024-57879, CVE-2024-56715, CVE-2024-56550, CVE-2024-50051,
CVE-2024-56673, CVE-2024-51729, CVE-2025-21664, CVE-2025-21649,
CVE-2024-56605, CVE-2024-56622, CVE-2024-56591, CVE-2024-56782,
CVE-2024-57801, CVE-2024-56664, CVE-2024-57916, CVE-2024-53680,
CVE-2024-57926, CVE-2024-56637, CVE-2024-56769, CVE-2024-57924,
CVE-2024-56648, CVE-2024-57872, CVE-2024-56593, CVE-2024-57913,
CVE-2024-53682, CVE-2024-56670, CVE-2024-56767, CVE-2024-56778,
CVE-2024-56777, CVE-2025-21658, CVE-2025-21646, CVE-2024-48875,
CVE-2024-56758, CVE-2024-56604, CVE-2024-56787, CVE-2024-56581,
CVE-2025-21635, CVE-2024-56641, CVE-2024-56608, CVE-2024-57885,
CVE-2024-56716, CVE-2024-56671, CVE-2024-56559, CVE-2025-21633,
CVE-2024-56372, CVE-2024-57888, CVE-2024-56623, CVE-2025-21638,
CVE-2024-56600, CVE-2024-56647, CVE-2025-21659, CVE-2024-41935,
CVE-2024-56624, CVE-2024-56574, CVE-2025-21648, CVE-2024-56621,
CVE-2024-54460, CVE-2024-56659, CVE-2024-47141, CVE-2024-57805,
CVE-2024-57792, CVE-2024-45828, CVE-2024-53681, CVE-2024-56568,
CVE-2024-56764, CVE-2025-21650, CVE-2024-56601, CVE-2024-56663,
CVE-2025-21660, CVE-2025-21629, CVE-2024-56595, CVE-2024-57917,
CVE-2024-53685, CVE-2024-57882, CVE-2024-57894, CVE-2024-56651,
CVE-2024-56657, CVE-2024-57876, CVE-2024-56717, CVE-2024-57935,
CVE-2024-56667, CVE-2024-57910, CVE-2024-57793, CVE-2024-56631,
CVE-2024-56638, CVE-2025-21640, CVE-2024-56710, CVE-2024-56583,
CVE-2024-56557, CVE-2024-56658, CVE-2025-21632, CVE-2024-56645,
CVE-2024-56646, CVE-2024-56640, CVE-2024-57944, CVE-2024-56598,
CVE-2024-57857, CVE-2024-56709, CVE-2024-56654, CVE-2024-57809,
CVE-2024-57895, CVE-2025-21834, CVE-2024-56763, CVE-2024-48881,
CVE-2024-57841, CVE-2024-57878, CVE-2024-56774, CVE-2024-57791,
CVE-2024-56575, CVE-2024-56619, CVE-2024-56570, CVE-2024-56616,
CVE-2024-56569, CVE-2025-21636, CVE-2024-56572, CVE-2024-56552,
CVE-2024-56596, CVE-2025-21654, CVE-2024-56573, CVE-2024-56784,
CVE-2024-56626, CVE-2024-56642, CVE-2024-56643, CVE-2024-56719,
CVE-2024-56632, CVE-2024-57839, CVE-2024-56578, CVE-2024-53690,
CVE-2024-56609, CVE-2024-56562, CVE-2024-56589, CVE-2024-56781,
CVE-2024-56672, CVE-2024-56775, CVE-2024-56713, CVE-2024-56580,
CVE-2024-57874, CVE-2024-56369, CVE-2024-56711, CVE-2025-21651,
CVE-2024-56584, CVE-2024-57904, CVE-2024-54680, CVE-2024-56577,
CVE-2024-56558, CVE-2024-56780, CVE-2024-58087, CVE-2024-57892,
CVE-2025-21644, CVE-2024-57911, CVE-2024-56579, CVE-2025-21663,
CVE-2024-56618, CVE-2024-56766, CVE-2024-56653, CVE-2025-21655,
CVE-2024-56669, CVE-2024-56759, CVE-2024-48876, CVE-2025-21631,
CVE-2024-56765, CVE-2024-56770, CVE-2024-57838, CVE-2025-21634,
CVE-2024-56650, CVE-2024-57939, CVE-2024-56606, CVE-2024-56610,
CVE-2025-21662, CVE-2024-56785, CVE-2024-55916, CVE-2025-21643,
CVE-2024-56586, CVE-2024-56582, CVE-2024-56614, CVE-2024-49571,
CVE-2024-49569, CVE-2024-57798, CVE-2024-56633, CVE-2024-55641,
CVE-2025-21647, CVE-2025-21652, CVE-2024-56757, CVE-2024-56597,
CVE-2024-47794, CVE-2024-57902, CVE-2024-57925, CVE-2024-54683,
CVE-2024-57938, CVE-2024-56615, CVE-2024-57906, CVE-2024-53687,
CVE-2024-57899, CVE-2024-56783, CVE-2024-56786, CVE-2024-56635,
CVE-2024-56551, CVE-2024-53179, CVE-2024-56588, CVE-2024-47408,
CVE-2024-57849, CVE-2024-52319, CVE-2024-56576, CVE-2024-57905,
CVE-2024-57946, CVE-2024-56607, CVE-2024-57806, CVE-2024-57933,
CVE-2024-55639, CVE-2024-56561, CVE-2024-48873, CVE-2024-52332,
CVE-2025-21645, CVE-2024-56602, CVE-2024-56590, CVE-2024-57799,
CVE-2024-57929, CVE-2024-56639, CVE-2024-56613, CVE-2024-56675,
CVE-2024-57912, CVE-2024-57883, CVE-2024-56636, CVE-2024-56592,
CVE-2024-57802, CVE-2024-54455, CVE-2024-57908, CVE-2024-56603,
CVE-2024-57875, CVE-2024-56773, CVE-2024-47809, CVE-2024-56630,
CVE-2024-56587, CVE-2024-56627, CVE-2024-57921, CVE-2024-56660,
CVE-2024-56771, CVE-2024-57886, CVE-2024-57896, CVE-2024-57807,
CVE-2024-57907, CVE-2024-49568, CVE-2024-54193, CVE-2024-56652,
CVE-2024-57940, CVE-2024-57898, CVE-2024-57901, CVE-2024-56714,
CVE-2024-56566, CVE-2024-56563, CVE-2024-56368, CVE-2024-56611,
CVE-2024-56776, CVE-2024-57850, CVE-2024-56629, CVE-2024-57881,
CVE-2024-57880, CVE-2024-57900)
1 week ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- Ublk userspace block driver;
- Virtio block driver;
- Bluetooth drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- Hardware monitoring drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Microchip PCI driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- i.MX PM domains;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- i.MX SoC drivers;
- SPI subsystem;
- UFS subsystem;
- USB Gadget drivers;
- TDX Guest driver;
- AFS file system;
- BTRFS file system;
- Ceph distributed file system;
- File systems infrastructure;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File system notification infrastructure;
- Overlay file system;
- Diskquota system;
- SMB network file system;
- DRM display driver;
- BPF subsystem;
- VLANs driver;
- KASAN memory debugging framework;
- Memory management;
- StackDepot library;
- Bluetooth subsystem;
- LAPB network protocol;
- Network namespace;
- Netfilter;
- io_uring subsystem;
- Control group (cgroup);
- DMA mapping infrastructure;
- KCSAN framework;
- Scheduler infrastructure;
- Seccomp subsystem;
- Tracing infrastructure;
- Workqueue subsystem;
- KUnit library;
- CAN network layer;
- Networking core;
- DCCP (Datagram Congestion Control Protocol);
- HSR network protocol;
- IEEE802154.4 network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- Packet sockets;
- RDS protocol;
- Network traffic control;
- SCTP protocol;
- SMC sockets;
- TIPC protocol;
- Wireless networking;
- eXpress Data Path;
- SELinux security module;
- ALSA framework;
- Intel ASoC drivers;
- SOF drivers;
(CVE-2024-57850, CVE-2024-57895, CVE-2024-57843, CVE-2024-56587,
CVE-2024-56590, CVE-2024-56584, CVE-2024-56673, CVE-2024-56552,
CVE-2024-56644, CVE-2024-57940, CVE-2024-47809, CVE-2024-56784,
CVE-2024-57935, CVE-2024-56561, CVE-2025-21642, CVE-2024-56573,
CVE-2024-53682, CVE-2024-39282, CVE-2024-56653, CVE-2024-56606,
CVE-2024-56651, CVE-2024-56608, CVE-2024-56649, CVE-2024-56761,
CVE-2024-57921, CVE-2024-57804, CVE-2024-57902, CVE-2024-56630,
CVE-2024-56769, CVE-2024-56782, CVE-2025-21652, CVE-2025-21634,
CVE-2024-48881, CVE-2024-41935, CVE-2024-57912, CVE-2024-56659,
CVE-2025-21663, CVE-2024-57857, CVE-2024-56670, CVE-2024-56631,
CVE-2024-52319, CVE-2024-56637, CVE-2024-56643, CVE-2025-21643,
CVE-2024-55881, CVE-2024-56619, CVE-2024-53687, CVE-2025-21654,
CVE-2025-21655, CVE-2024-56648, CVE-2024-57893, CVE-2025-21651,
CVE-2024-57939, CVE-2024-56622, CVE-2024-56763, CVE-2024-56591,
CVE-2024-56559, CVE-2024-57883, CVE-2024-56592, CVE-2024-57795,
CVE-2024-56578, CVE-2024-56780, CVE-2024-57904, CVE-2024-57934,
CVE-2024-56369, CVE-2024-57931, CVE-2024-47408, CVE-2025-21644,
CVE-2024-56625, CVE-2025-21659, CVE-2024-56640, CVE-2024-56605,
CVE-2024-56638, CVE-2024-56775, CVE-2024-47141, CVE-2024-56773,
CVE-2024-53681, CVE-2024-57802, CVE-2024-56550, CVE-2024-56717,
CVE-2025-21662, CVE-2024-53685, CVE-2024-57890, CVE-2024-56765,
CVE-2025-21629, CVE-2024-57918, CVE-2024-57841, CVE-2024-57894,
CVE-2025-21649, CVE-2024-56613, CVE-2024-56611, CVE-2024-57946,
CVE-2024-57908, CVE-2024-57900, CVE-2024-56665, CVE-2024-56786,
CVE-2024-56778, CVE-2024-56627, CVE-2024-56712, CVE-2024-52332,
CVE-2025-21834, CVE-2024-56616, CVE-2024-56595, CVE-2024-56623,
CVE-2024-57807, CVE-2024-41932, CVE-2024-57809, CVE-2024-54193,
CVE-2025-21637, CVE-2024-54455, CVE-2024-56565, CVE-2024-57849,
CVE-2024-56647, CVE-2024-57896, CVE-2024-57924, CVE-2024-57944,
CVE-2024-56711, CVE-2024-57881, CVE-2024-56614, CVE-2024-54460,
CVE-2024-56563, CVE-2024-58087, CVE-2024-57798, CVE-2024-56615,
CVE-2024-53179, CVE-2024-57919, CVE-2024-56580, CVE-2024-56771,
CVE-2024-56572, CVE-2024-56581, CVE-2024-56586, CVE-2024-56654,
CVE-2024-57916, CVE-2024-56645, CVE-2024-56672, CVE-2024-56597,
CVE-2024-56671, CVE-2024-56658, CVE-2024-56634, CVE-2024-49568,
CVE-2024-56588, CVE-2024-56655, CVE-2024-48876, CVE-2024-57889,
CVE-2025-21647, CVE-2024-47794, CVE-2024-57938, CVE-2024-56767,
CVE-2025-21664, CVE-2024-56656, CVE-2024-56787, CVE-2024-57925,
CVE-2024-57876, CVE-2024-57874, CVE-2024-56766, CVE-2024-57878,
CVE-2024-57898, CVE-2024-56617, CVE-2024-56604, CVE-2025-21645,
CVE-2024-56551, CVE-2024-57892, CVE-2024-49571, CVE-2024-45828,
CVE-2024-57911, CVE-2025-21660, CVE-2024-56558, CVE-2024-57805,
CVE-2024-53680, CVE-2024-57839, CVE-2024-56626, CVE-2024-57901,
CVE-2024-56636, CVE-2024-56646, CVE-2024-56667, CVE-2025-21648,
CVE-2024-56660, CVE-2024-56368, CVE-2024-56600, CVE-2024-57793,
CVE-2024-36476, CVE-2024-56610, CVE-2024-57888, CVE-2024-57886,
CVE-2024-57885, CVE-2024-56776, CVE-2025-21635, CVE-2025-21661,
CVE-2024-56576, CVE-2024-56662, CVE-2024-56589, CVE-2024-57806,
CVE-2024-57887, CVE-2025-21650, CVE-2024-56582, CVE-2024-56709,
CVE-2024-57913, CVE-2024-56633, CVE-2024-56639, CVE-2024-56768,
CVE-2024-57799, CVE-2024-56715, CVE-2025-21653, CVE-2024-57929,
CVE-2024-54680, CVE-2024-56635, CVE-2024-57801, CVE-2024-50051,
CVE-2024-56609, CVE-2024-56624, CVE-2024-51729, CVE-2024-56772,
CVE-2024-56785, CVE-2024-56568, CVE-2024-56577, CVE-2025-21646,
CVE-2024-56713, CVE-2024-56567, CVE-2024-56777, CVE-2024-56760,
CVE-2024-57899, CVE-2024-56664, CVE-2024-57879, CVE-2024-56579,
CVE-2024-56758, CVE-2024-56710, CVE-2024-48875, CVE-2024-56574,
CVE-2024-55641, CVE-2024-56663, CVE-2024-55639, CVE-2024-57875,
CVE-2024-57910, CVE-2024-56621, CVE-2024-57791, CVE-2024-56557,
CVE-2024-56774, CVE-2024-56641, CVE-2024-56601, CVE-2024-56603,
CVE-2024-57897, CVE-2024-56594, CVE-2024-57882, CVE-2024-56583,
CVE-2025-21639, CVE-2025-21658, CVE-2024-56575, CVE-2024-57945,
CVE-2024-57907, CVE-2024-56632, CVE-2024-56629, CVE-2025-21632,
CVE-2024-56596, CVE-2024-56602, CVE-2024-54683, CVE-2024-56607,
CVE-2024-56764, CVE-2024-53690, CVE-2024-56719, CVE-2024-56783,
CVE-2024-57905, CVE-2024-57872, CVE-2024-56598, CVE-2024-55916,
CVE-2024-54191, CVE-2024-56779, CVE-2024-57917, CVE-2024-56562,
CVE-2024-56599, CVE-2024-56620, CVE-2024-56650, CVE-2024-57926,
CVE-2024-56757, CVE-2024-56669, CVE-2025-21638, CVE-2024-56675,
CVE-2024-56618, CVE-2024-56593, CVE-2025-21631, CVE-2024-57933,
CVE-2024-55642, CVE-2024-57884, CVE-2024-56652, CVE-2024-57903,
CVE-2024-56657, CVE-2024-56642, CVE-2024-43098, CVE-2024-57838,
CVE-2024-56714, CVE-2024-56716, CVE-2024-56566, CVE-2024-56781,
CVE-2025-21656, CVE-2024-56372, CVE-2024-56718, CVE-2024-57932,
CVE-2024-57906, CVE-2024-56759, CVE-2024-48873, CVE-2024-49569,
CVE-2024-56564, CVE-2024-56770, CVE-2025-21640, CVE-2024-57792,
CVE-2024-56569, CVE-2025-21633, CVE-2025-21636, CVE-2024-47143,
CVE-2024-56570, CVE-2024-57880)
1 week ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- Ublk userspace block driver;
- Virtio block driver;
- Bluetooth drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- Hardware monitoring drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Microchip PCI driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- i.MX PM domains;
- Power supply drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- i.MX SoC drivers;
- SPI subsystem;
- UFS subsystem;
- USB Gadget drivers;
- TDX Guest driver;
- AFS file system;
- BTRFS file system;
- Ceph distributed file system;
- File systems infrastructure;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File system notification infrastructure;
- Overlay file system;
- Diskquota system;
- SMB network file system;
- DRM display driver;
- BPF subsystem;
- VLANs driver;
- KASAN memory debugging framework;
- Memory management;
- StackDepot library;
- Bluetooth subsystem;
- LAPB network protocol;
- Netfilter;
- io_uring subsystem;
- Control group (cgroup);
- DMA mapping infrastructure;
- KCSAN framework;
- Scheduler infrastructure;
- Seccomp subsystem;
- Tracing infrastructure;
- Workqueue subsystem;
- KUnit library;
- CAN network layer;
- Networking core;
- DCCP (Datagram Congestion Control Protocol);
- HSR network protocol;
- IEEE802154.4 network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- NET/ROM layer;
- Packet sockets;
- RDS protocol;
- Network traffic control;
- SCTP protocol;
- SMC sockets;
- TIPC protocol;
- Wireless networking;
- eXpress Data Path;
- SELinux security module;
- ALSA framework;
- Intel ASoC drivers;
- SOF drivers;
(CVE-2024-57921, CVE-2024-56614, CVE-2024-56558, CVE-2024-56589,
CVE-2024-56662, CVE-2024-56610, CVE-2024-56717, CVE-2024-57890,
CVE-2024-55639, CVE-2024-56562, CVE-2025-21633, CVE-2024-56598,
CVE-2024-47794, CVE-2024-41935, CVE-2024-57901, CVE-2024-56587,
CVE-2024-56581, CVE-2024-56783, CVE-2024-57888, CVE-2024-57809,
CVE-2024-57926, CVE-2025-21650, CVE-2024-56634, CVE-2025-21639,
CVE-2025-21656, CVE-2024-56578, CVE-2025-21632, CVE-2024-56784,
CVE-2025-21644, CVE-2024-56776, CVE-2024-56764, CVE-2024-56652,
CVE-2024-56550, CVE-2024-56569, CVE-2024-57904, CVE-2024-49569,
CVE-2024-56770, CVE-2024-56606, CVE-2024-57806, CVE-2024-56646,
CVE-2024-57895, CVE-2024-57880, CVE-2024-56650, CVE-2024-56591,
CVE-2024-56590, CVE-2024-56642, CVE-2024-56713, CVE-2025-21663,
CVE-2024-57938, CVE-2024-56760, CVE-2024-56583, CVE-2025-21662,
CVE-2024-56629, CVE-2024-47408, CVE-2024-57850, CVE-2024-56777,
CVE-2024-56626, CVE-2024-56773, CVE-2024-56647, CVE-2025-21664,
CVE-2024-56564, CVE-2024-56597, CVE-2024-56623, CVE-2024-57897,
CVE-2024-56670, CVE-2024-56567, CVE-2024-57931, CVE-2024-56761,
CVE-2024-57935, CVE-2024-53690, CVE-2025-21640, CVE-2024-56608,
CVE-2024-57878, CVE-2025-21648, CVE-2024-57898, CVE-2024-57889,
CVE-2024-56644, CVE-2024-56763, CVE-2024-57900, CVE-2024-56575,
CVE-2024-56786, CVE-2025-21635, CVE-2024-56559, CVE-2024-56659,
CVE-2024-56621, CVE-2024-57908, CVE-2024-52319, CVE-2024-43098,
CVE-2024-57838, CVE-2024-56782, CVE-2025-21631, CVE-2024-36476,
CVE-2025-21649, CVE-2024-56667, CVE-2024-49571, CVE-2024-55916,
CVE-2024-57887, CVE-2024-56640, CVE-2024-57801, CVE-2024-57886,
CVE-2024-56582, CVE-2024-56561, CVE-2024-56665, CVE-2024-57805,
CVE-2024-51729, CVE-2024-57857, CVE-2024-57876, CVE-2024-57896,
CVE-2024-57799, CVE-2024-57925, CVE-2024-57917, CVE-2024-56664,
CVE-2024-57913, CVE-2025-21660, CVE-2024-56596, CVE-2024-56671,
CVE-2024-56595, CVE-2024-56781, CVE-2024-57912, CVE-2024-56638,
CVE-2024-56636, CVE-2024-56669, CVE-2024-57945, CVE-2024-56633,
CVE-2024-56605, CVE-2024-57882, CVE-2025-21652, CVE-2024-53179,
CVE-2024-56599, CVE-2024-57892, CVE-2025-21647, CVE-2024-57910,
CVE-2024-57792, CVE-2024-56768, CVE-2024-56711, CVE-2024-47143,
CVE-2024-56577, CVE-2024-56574, CVE-2024-56765, CVE-2024-58087,
CVE-2024-53685, CVE-2024-56787, CVE-2024-56592, CVE-2024-56368,
CVE-2024-56615, CVE-2024-56712, CVE-2024-56648, CVE-2024-57874,
CVE-2024-56653, CVE-2024-56656, CVE-2024-56641, CVE-2024-56719,
CVE-2025-21658, CVE-2024-56637, CVE-2024-56709, CVE-2024-57843,
CVE-2024-56588, CVE-2024-57807, CVE-2024-57939, CVE-2024-56594,
CVE-2024-55642, CVE-2024-57841, CVE-2024-50051, CVE-2024-56663,
CVE-2024-56654, CVE-2024-56369, CVE-2024-57885, CVE-2024-56779,
CVE-2024-56772, CVE-2024-56617, CVE-2024-56624, CVE-2024-56570,
CVE-2024-56639, CVE-2025-21642, CVE-2024-56603, CVE-2024-56604,
CVE-2024-57875, CVE-2025-21653, CVE-2025-21654, CVE-2024-56645,
CVE-2024-56775, CVE-2024-52332, CVE-2024-48875, CVE-2024-41932,
CVE-2024-57804, CVE-2025-21661, CVE-2024-57932, CVE-2024-53681,
CVE-2024-56563, CVE-2024-56609, CVE-2024-57798, CVE-2025-21637,
CVE-2024-57940, CVE-2024-56675, CVE-2024-56630, CVE-2024-56565,
CVE-2024-54460, CVE-2024-56573, CVE-2025-21645, CVE-2024-56715,
CVE-2024-56632, CVE-2024-56622, CVE-2024-56673, CVE-2024-48881,
CVE-2024-56593, CVE-2024-56620, CVE-2024-48876, CVE-2025-21643,
CVE-2024-56657, CVE-2024-57905, CVE-2024-57802, CVE-2024-56766,
CVE-2024-57893, CVE-2024-57894, CVE-2024-57903, CVE-2024-57902,
CVE-2024-57934, CVE-2024-57881, CVE-2024-56602, CVE-2024-47809,
CVE-2024-56580, CVE-2024-57899, CVE-2024-56759, CVE-2024-56586,
CVE-2024-57839, CVE-2024-49568, CVE-2024-56660, CVE-2024-53687,
CVE-2024-57907, CVE-2024-56601, CVE-2024-56767, CVE-2024-57916,
CVE-2024-56616, CVE-2024-56557, CVE-2024-56566, CVE-2024-56643,
CVE-2025-21638, CVE-2024-57879, CVE-2025-21655, CVE-2024-56618,
CVE-2024-56758, CVE-2024-56576, CVE-2024-57849, CVE-2024-56372,
CVE-2024-45828, CVE-2024-57795, CVE-2024-56710, CVE-2024-56568,
CVE-2024-56769, CVE-2025-21834, CVE-2024-56716, CVE-2024-56613,
CVE-2024-56584, CVE-2024-56552, CVE-2025-21659, CVE-2024-57929,
CVE-2024-57946, CVE-2025-21646, CVE-2024-56572, CVE-2024-55881,
CVE-2025-21651, CVE-2024-57924, CVE-2025-21634, CVE-2024-53682,
CVE-2024-57872, CVE-2024-53680, CVE-2024-54680, CVE-2024-57918,
CVE-2024-56780, CVE-2025-21636, CVE-2024-57906, CVE-2024-55641,
CVE-2024-54455, CVE-2024-57919, CVE-2024-54683, CVE-2024-54193,
CVE-2024-56635, CVE-2024-57933, CVE-2024-56611, CVE-2024-56551,
CVE-2024-57883, CVE-2024-57793, CVE-2024-56631, CVE-2024-56600,
CVE-2024-56651, CVE-2024-56714, CVE-2024-39282, CVE-2024-56627,
CVE-2024-56649, CVE-2024-56579, CVE-2024-57791, CVE-2024-56774,
CVE-2024-57944, CVE-2024-57911, CVE-2024-48873, CVE-2024-57884,
CVE-2025-21629, CVE-2024-56778, CVE-2024-56619, CVE-2024-54191,
CVE-2024-56771, CVE-2024-47141, CVE-2024-56757, CVE-2024-56718,
CVE-2024-56655, CVE-2024-56607, CVE-2024-56785, CVE-2024-56625)
1 week ago
It was discovered that SnakeYAML incorrectly handled recursive
entity references. An attacker could possibly use this issue to
cause SnakeYAML to crash, resulting in a denial of service.
1 week ago
It was discovered that Ghostscript incorrectly serialized DollarBlend in
certain fonts. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-27830)
It was discovered that Ghostscript incorrectly handled the DOCXWRITE
TXTWRITE device. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and
Ubuntu 24.10. (CVE-2025-27831)
It was discovered that Ghostscript incorrectly handled the NPDL device. An
attacker could use this issue to cause Ghostscript to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-27832)
It was discovered that Ghostscript incorrectly handled certain long TTF
file names. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2025-27833)
It was discovered that Ghostscript incorrectly handled oversized Type 4
functions in certain PDF documents. An attacker could use this issue to
cause Ghostscript to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, and Ubuntu 24.10. (CVE-2025-27834)
It was discovered that Ghostscript incorrectly handled converting certain
glyphs to Unicode. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-27835)
It was discovered that Ghostscript incorrectly handled the BJ10V device. An
attacker could use this issue to cause Ghostscript to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2025-27836)
1 week 1 day ago
A security issue was discovered in MariaDB and this update includes
a new upstream MariaDB version to fix the issue.
In addition to security fixes, the updated packages contain bug and
regression fixes, new features, and possibly incompatible changes.
1 week 1 day ago
Version: next-20250327 (linux-next)
Released: 2025-03-27
1 week 1 day ago
It was discovered that Org Mode did not correctly handle filenames
containing shell metacharacters. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS. (CVE-2023-28617)
It was discovered that Org Mode could run untrusted code left in its
buffer. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30202)
It was discovered that Org Mode did not correctly handle the contents of
remote files. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-30205)
It was discovered that Org Mode could be made to run arbitrary Elisp code.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2024-39331)
1 week 1 day ago
Benjamin Koltermann discovered that containerd incorrectly handled large
user id values. This could result in containers possibly being run as root,
contrary to expectations.
1 week 1 day ago
FEDORA-EPEL-2025-9b4f4b88ff
Packages in this update:
Update description:
This is an update fixing CVE-2025-30232.
1 week 1 day ago
FEDORA-EPEL-2025-ff88bfea14
Packages in this update:
Update description:
This is an update fixing CVE-2025-30232.
1 week 1 day ago
FEDORA-2025-3a56fe6159
Packages in this update:
Update description:
This is an update fixing CVE-2025-30232.
1 week 1 day ago
FEDORA-2025-ab7148736c
Packages in this update:
Update description:
This is an update fixing CVE-2025-30232.
1 week 1 day ago
FEDORA-2025-d7548ec9e2
Packages in this update:
Update description:
This is an update fixing CVE-2025-30232.
This is a new version fixing a possible remote SQL injection and FTBFS with gcc-15.
1 week 1 day ago
It was discovered that Exim incorrectly handled certain memory operations.
A remote attacker could use this issue to cause Exim to crash, resulting in
a denial of service, or possibly execute arbitrary code.
1 week 1 day ago
FEDORA-2025-0bafd025de
Packages in this update:
Update description:
Security fix for CVE-2025-30472
1 week 1 day ago
FEDORA-2025-4453f596a8
Packages in this update:
Update description:
Security: This update includes a fix for VSV00015 aka CVE-2025-30346. Upstream considers this a low risk problem. For details, refer to https://varnish-cache.org/security/VSV00015.html
1 week 1 day ago
FEDORA-2025-c55f39aeb3
Packages in this update:
Update description:
Security fix for CVE-2025-30472
1 week 1 day ago
FEDORA-2025-a350309ddb
Packages in this update:
Update description:
Security fix for CVE-2025-30472
1 week 2 days ago
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
Any unprivileged user can attach N_GSM0710 ldisc, but it requires
CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace
CAP_NET_ADMIN to do that. (CVE-2023-52880)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix overwriting ct original tuple for ICMPv6
OVS_PACKET_CMD_EXECUTE has 3 main attributes:
- OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format.
- OVS_PACKET_ATTR_PACKET - Binary packet content.
- OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet.
OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key
structure with the metadata like conntrack state, input port, recirculation
id, etc. Then the packet itself gets parsed to populate the rest of the
keys from the packet headers. Whenever the packet parsing code starts
parsing the ICMPv6 header, it first zeroes out fields in the key
corresponding to Neighbor Discovery information even if it is not an ND
packet. It is an 'ipv6.nd' field. However, the 'ipv6' is a union that
shares the space between 'nd' and 'ct_orig' that holds the original tuple
conntrack metadata parsed from the OVS_PACKET_ATTR_KEY. ND packets should
not normally have conntrack state, so it's fine to share the space, but
normal ICMPv6 Echo packets or maybe other types of ICMPv6 can have the
state attached and it should not be overwritten. The issue results in all
but the last 4 bytes of the destination address being wiped from the
original conntrack tuple leading to incorrect packet matching and
potentially executing wrong actions in case this packet recirculates within
the datapath or goes back to userspace. ND fields should not be accessed in
non-ND packets, so not clearing them should be fine. Executing memset()
only for actual ND packets to avoid the issue. Initializing the whole thing
before parsing is needed because ND packet may not contain all the options.
The issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't affect
packets entering OVS datapath from network interfaces, because in this case
CT metadata is populated from skb after the packet is already parsed.
(CVE-2024-38558)
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this
type were not taken into account when calculating the size of the frames
buffer in uvc_parse_streaming. (CVE-2024-53104)
In the Linux kernel, the following vulnerability has been resolved:
netlink: terminate outstanding dump on socket close
Netlink supports iterative dumping of data. It provides the families the
following ops:
- start - (optional) kicks off the dumping process
- dump - actual dump helper, keeps getting called until it returns 0
- done - (optional) pairs with .start, can be used for cleanup
The whole process is
asynchronous and the repeated calls to .dump don't actually happen in a
tight loop, but rather are triggered in response to recvmsg() on the
socket. This gives the user full control over the dump, but also means that
the user can close the socket without getting to the end of the dump. To
make sure .start is always paired with .done we check if there is an
ongoing dump before freeing the socket, and if so call .done. The
complication is that sockets can get freed from BH and .done is allowed to
sleep. So we use a workqueue to defer the call, when needed. Unfortunately
this does not work correctly. What we defer is not the cleanup but rather
releasing a reference on the socket. We have no guarantee that we own the
last reference, if someone else holds the socket they may release it in BH
and we're back to square one. The whole dance, however, appears to be
unnecessary. Only the user can interact with dumps, so we can clean up when
socket is closed. And close always happens in process context. Some async
code may still access the socket after close, queue notification skbs to it
etc. but no dumps can start, end or otherwise make progress. Delete the
workqueue and flush the dump state directly from the release handler. Note
that further cleanup is possible in -next, for instance we now always call
.done before releasing the main module reference, so dump doesn't have to
take a reference of its own. (CVE-2024-53140)
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: Fix UAF in blkcg_unpin_online()
blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin.
To walk up, it uses blkcg_parent(blkcg) but it was calling that after
blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the
following UAF:
  ==================================================================
  BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270
  Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117
  CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022
  Workqueue: cgwb_release cgwb_release_workfn
  Call Trace:
   dump_stack_lvl+0x27/0x80
   print_report+0x151/0x710
   kasan_report+0xc0/0x100
   blkcg_unpin_online+0x15a/0x270
   cgwb_release_workfn+0x194/0x480
   process_scheduled_works+0x71b/0xe20
   worker_thread+0x82a/0xbd0
   kthread+0x242/0x2c0
   ret_from_fork+0x33/0x70
   ret_from_fork_asm+0x1a/0x30
  ...
  Freed by task 1944:
   kasan_save_track+0x2b/0x70
   kasan_save_free_info+0x3c/0x50
   __kasan_slab_free+0x33/0x50
   kfree+0x10c/0x330
   css_free_rwork_fn+0xe6/0xb30
   process_scheduled_works+0x71b/0xe20
   worker_thread+0x82a/0xbd0
   kthread+0x242/0x2c0
   ret_from_fork+0x33/0x70
   ret_from_fork_asm+0x1a/0x30
Note that the UAF is not easy to trigger as the free path is indirected
behind a couple RCU grace periods and a work item execution. I could only
trigger it with artificial msleep() injected in blkcg_unpin_online(). Fix it
by reading the parent pointer before destroying the blkcg's blkg's.
(CVE-2024-56672)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)