Количество 45
Количество 45
RLSA-2025:13589
Moderate: kernel security update
ELSA-2025-13589
ELSA-2025-13589: kernel security update (MODERATE)
GHSA-5w6m-x8hm-6jcv
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.g. HTTP GET request) while others (e.g. the prior TCP 3WHS) looked completely fine on the wire. In fact, the pcap recording on the backend node actually revealed that the node with the XDP LB was leaking uninitialized kernel data onto the wire for the affected packets, for example, while the packets should have been 152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes was padded with whatever other data was in that page at the time (e.g. we saw user/pay...
BDU:2026-02461
Уязвимость функции vmxnet3_process_xdp() в модуле drivers/net/vmxnet3/vmxnet3_xdp.c драйвера поддержки сетевых устройств ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2025:10837
Moderate: kernel security update
GHSA-vp9x-33x6-jvvm
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When bootin...
ELSA-2025-10837
ELSA-2025-10837: kernel security update (MODERATE)
BDU:2025-05649
Уязвимость функции load_microcode_amd() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:01951-1
Security update for the Linux Kernel
SUSE-SU-2025:01967-1
Security update for the Linux Kernel
SUSE-SU-2025:01919-1
Security update for the Linux Kernel
ROS-20260120-7362
Уязвимость kernel-lt
RLSA-2025:11298
Moderate: kernel security update
ELSA-2025-11298
ELSA-2025-11298: kernel security update (MODERATE)
ELSA-2025-20530
ELSA-2025-20530: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2025-20480
ELSA-2025-20480: Unbreakable Enterprise kernel security update (IMPORTANT)
SUSE-SU-2025:01707-1
Security update for the Linux Kernel
SUSE-SU-2025:01614-1
Security update for the Linux Kernel
SUSE-SU-2025:01964-1
Security update for the Linux Kernel
ELSA-2025-20372
ELSA-2025-20372: Unbreakable Enterprise kernel security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2025:13589 Moderate: kernel security update | 10 месяцев назад | ||
| ELSA-2025-13589 ELSA-2025-13589: kernel security update (MODERATE) | 11 месяцев назад | ||
| GHSA-5w6m-x8hm-6jcv In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.g. HTTP GET request) while others (e.g. the prior TCP 3WHS) looked completely fine on the wire. In fact, the pcap recording on the backend node actually revealed that the node with the XDP LB was leaking uninitialized kernel data onto the wire for the affected packets, for example, while the packets should have been 152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes was padded with whatever other data was in that page at the time (e.g. we saw user/pay... | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
 | BDU:2026-02461 Уязвимость функции vmxnet3_process_xdp() в модуле drivers/net/vmxnet3/vmxnet3_xdp.c драйвера поддержки сетевых устройств ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.5 | 0% Низкий | около 1 года назад |
| RLSA-2025:10837 Moderate: kernel security update | 0% Низкий | 9 месяцев назад | |
| GHSA-vp9x-33x6-jvvm In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When bootin... | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
| ELSA-2025-10837 ELSA-2025-10837: kernel security update (MODERATE) | 11 месяцев назад | ||
| BDU:2025-05649 Уязвимость функции load_microcode_amd() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.8 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2025:01951-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2025:01967-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2025:01919-1 Security update for the Linux Kernel | около 1 года назад | ||
 | ROS-20260120-7362 Уязвимость kernel-lt | CVSS3: 7.8 | 0% Низкий | 5 месяцев назад |
| RLSA-2025:11298 Moderate: kernel security update | 11 месяцев назад | ||
| ELSA-2025-11298 ELSA-2025-11298: kernel security update (MODERATE) | 11 месяцев назад | ||
| ELSA-2025-20530 ELSA-2025-20530: Unbreakable Enterprise kernel security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-20480 ELSA-2025-20480: Unbreakable Enterprise kernel security update (IMPORTANT) | 11 месяцев назад | ||
| SUSE-SU-2025:01707-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2025:01614-1 Security update for the Linux Kernel | около 1 года назад | ||
| SUSE-SU-2025:01964-1 Security update for the Linux Kernel | около 1 года назад | ||
| ELSA-2025-20372 ELSA-2025-20372: Unbreakable Enterprise kernel security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу