CVE-2025-38018: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer…

[LOW] linux-azure-6.8 vulnerabilities linux-azure-6.8 vulnerabilities Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores,

CVE-2024-36331 [LOW] linux-azure-fips vulnerabilities linux-azure-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architectur

CVE-2024-36331 [LOW] linux-azure vulnerabilities linux-azure vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; -

CVE-2024-36331 [LOW] linux-ibm, linux-ibm-6.8 vulnerabilities linux-ibm, linux-ibm-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 arc

CVE-2024-36331 [LOW] linux-xilinx vulnerabilities linux-xilinx vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; -

CVE-2024-36331 [LOW] linux-hwe-6.8, linux-lowlatency-hwe-6.8 vulnerabilities linux-hwe-6.8, linux-lowlatency-hwe-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsyste

CVE-2024-36331 [LOW] linux-gcp, linux-gke vulnerabilities linux-gcp, linux-gke vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 archite

CVE-2024-36331 [LOW] linux-nvidia-lowlatency vulnerabilities linux-nvidia-lowlatency vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 arch

CVE-2024-36331 [LOW] linux-lowlatency vulnerabilities linux-lowlatency vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architectur

CVE-2024-36331 [LOW] linux-gcp-fips vulnerabilities linux-gcp-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture;

CVE-2024-36331 [LOW] linux-aws-fips, linux-fips vulnerabilities linux-aws-fips, linux-fips vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 a

CVE-2024-36331 [LOW] linux-realtime, linux-raspi-realtime vulnerabilities linux-realtime, linux-raspi-realtime vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

CVE-2024-36331 [LOW] linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise th

CVE-2024-36331 [LOW] linux-gcp-6.8 vulnerabilities linux-gcp-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture;

CVE-2024-36331 [LOW] linux-realtime-6.8 vulnerabilities linux-realtime-6.8 vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architect

CVE-2024-36331 [LOW] linux, linux-raspi vulnerabilities linux, linux-raspi vulnerabilities It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architect

[HIGH] linux-azure vulnerabilities linux-azure vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Compute Acceleration Framework; - Ublk userspace block driver; - Bluetooth drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Network drivers; - Mellanox network drivers; - PCI subsystem; - PHY drivers; - PTP

[HIGH] linux-hwe-6.14, linux-oem-6.14 vulnerabilities linux-hwe-6.14, linux-oem-6.14 vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS file system; - Network file system (NFS) client; - File systems infrastructure; - SMB networ

[HIGH] linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS f

CVE-2025-38018 [MEDIUM] CWE-476 GHSA-7vm4-fp9q-w3p6: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full_len. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Call trace: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data_ready+0x9c/0xe4 tcp_data_queue+0xf6c/0x12d0 tcp_rcv_established+0x52c/0x798

CVE-2025-38018 [MEDIUM] CVE-2025-38018: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL p In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full_len. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Call trace: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data_ready+0x9c/0xe4 tcp_data_queue+0xf6c/0x12d0 tcp_rcv_established+0x52c/0x798

CVE-2025-40068 [LOW] Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that

CVE-2025-37956 [LOW] Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system

CVE-2025-38476 [LOW] Linux kernel (Azure FIPS) vulnerabilities Title: Linux kernel (Azure FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the s

CVE-2025-38652 [LOW] Linux kernel (Xilinx) vulnerabilities Title: Linux kernel (Xilinx) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the syste

CVE-2025-38014 [LOW] Linux kernel (IBM) vulnerabilities Title: Linux kernel (IBM) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38702 [LOW] Linux kernel (Low Latency) vulnerabilities Title: Linux kernel (Low Latency) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the

CVE-2025-38702 [LOW] Linux kernel (Low Latency NVIDIA) vulnerabilities Title: Linux kernel (Low Latency NVIDIA) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromi

CVE-2025-38702 [LOW] Linux kernel (HWE) vulnerabilities Title: Linux kernel (HWE) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-38014 [LOW] Linux kernel (GCP FIPS) vulnerabilities Title: Linux kernel (GCP FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sys

CVE-2025-38702 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-38702 [LOW] Linux kernel (FIPS) vulnerabilities Title: Linux kernel (FIPS) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sy

CVE-2025-38702 [LOW] Linux kernel (GCP) vulnerabilities Title: Linux kernel (GCP) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

CVE-2025-38014 [LOW] Linux kernel (Real-time) vulnerabilities Title: Linux kernel (Real-time) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the sy

CVE-2025-38702 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331) Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This u

CVE-2025-37895 [HIGH] Linux kernel (Azure) vulnerabilities Title: Linux kernel (Azure) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Compute Acceleration Framework; - Ublk userspace block driver; - Bluetooth drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - ARM SCMI message protocol; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - N

CVE-2025-38019 [HIGH] Linux kernel (HWE) vulnerabilities Title: Linux kernel (HWE) vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS file system; - Network file sys

CVE-2025-38094 [HIGH] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the Linux kernel. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS file system; - Network file system (N

CVE-2025-38018 [MEDIUM] CWE-476 kernel: Linux kernel: Local Denial of Service due to NULL pointer dereference in net/tls kernel: Linux kernel: Local Denial of Service due to NULL pointer dereference in net/tls In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full_len. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Call trace: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data

CVE-2025-38018 [MEDIUM] CVE-2025-38018: linux - In the Linux kernel, the following vulnerability has been resolved: net/tls: fi... In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full_len. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Call trace: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data_ready+0x9c/0xe4 tcp_data_queue+0xf6c/0x12d0 tcp_rcv_established+0x52c/0x798 Scope: local