Vulnerability-Lookup

SUSE-SU-2026:0200-1

Vulnerability from csaf_suse - Published: 2026-01-21 12:17 - Updated: 2026-01-21 12:17

Summary

Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

Description of the patch

This update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451). - CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250280). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787). - CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252563). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).

Patchnames

SUSE-2026-200,SUSE-SLE-Live-Patching-12-SP5-2026-200

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 4.12.14-122.275 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1254451).\n- CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250280).\n- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).\n- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252563).\n- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-200,SUSE-SLE-Live-Patching-12-SP5-2026-200",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0200-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0200-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260200-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0200-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023840.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250280",
        "url": "https://bugzilla.suse.com/1250280"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251787",
        "url": "https://bugzilla.suse.com/1251787"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252563",
        "url": "https://bugzilla.suse.com/1252563"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253437",
        "url": "https://bugzilla.suse.com/1253437"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1254451",
        "url": "https://bugzilla.suse.com/1254451"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-50327 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-50327/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-50367 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-50367/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53676 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53676/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53717 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40204 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40204/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)",
    "tracking": {
      "current_release_date": "2026-01-21T12:17:09Z",
      "generator": {
        "date": "2026-01-21T12:17:09Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0200-1",
      "initial_release_date": "2026-01-21T12:17:09Z",
      "revision_history": [
        {
          "date": "2026-01-21T12:17:09Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
                  "product_id": "kgraft-patch-4_12_14-122_275-default-2-2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64",
                  "product_id": "kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x"
        },
        "product_reference": "kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50327",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-50327"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n\nThe return value of acpi_fetch_acpi_dev() could be NULL, which would\ncause a NULL pointer dereference to occur in acpi_device_hid().\n\n[ rjw: Subject and changelog edits, added empty line after if () ]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-50327",
          "url": "https://www.suse.com/security/cve/CVE-2022-50327"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249859 for CVE-2022-50327",
          "url": "https://bugzilla.suse.com/1249859"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1254451 for CVE-2022-50327",
          "url": "https://bugzilla.suse.com/1254451"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T12:17:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-50327"
    },
    {
      "cve": "CVE-2022-50367",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-50367"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-50367",
          "url": "https://www.suse.com/security/cve/CVE-2022-50367"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247374 for CVE-2022-50367",
          "url": "https://bugzilla.suse.com/1247374"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250277 for CVE-2022-50367",
          "url": "https://bugzilla.suse.com/1250277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T12:17:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-50367"
    },
    {
      "cve": "CVE-2023-53676",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53676"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53676",
          "url": "https://www.suse.com/security/cve/CVE-2023-53676"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251786 for CVE-2023-53676",
          "url": "https://bugzilla.suse.com/1251786"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251787 for CVE-2023-53676",
          "url": "https://bugzilla.suse.com/1251787"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T12:17:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-53676"
    },
    {
      "cve": "CVE-2023-53717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi-\u003ecmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi-\u003elast_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53717",
          "url": "https://www.suse.com/security/cve/CVE-2023-53717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252560 for CVE-2023-53717",
          "url": "https://bugzilla.suse.com/1252560"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252563 for CVE-2023-53717",
          "url": "https://bugzilla.suse.com/1252563"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T12:17:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-53717"
    },
    {
      "cve": "CVE-2025-40204",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40204"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
          "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40204",
          "url": "https://www.suse.com/security/cve/CVE-2025-40204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253436 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253436"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253437 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253437"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.s390x",
            "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_275-default-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T12:17:09Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40204"
    }
  ]
}

CVE-2025-40204 (GCVE-0-2025-40204)

Vulnerability from cvelistv5 – Published: 2025-11-12 21:56 – Updated: 2025-12-01 06:20

Title

sctp: Fix MAC comparison to be constant-time

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b93fa8dc521d00d2d…
	https://git.kernel.org/stable/c/0e8b8c326c2a6de4d…
	https://git.kernel.org/stable/c/1cd60e0d0fb8f0e62…
	https://git.kernel.org/stable/c/9c05d44ec24126fc2…
	https://git.kernel.org/stable/c/ed3044b9c810c5c24…
	https://git.kernel.org/stable/c/8019b3699289fce3f…
	https://git.kernel.org/stable/c/0b32ff285ff6f6f1a…
	https://git.kernel.org/stable/c/dd91c79e4f58fbe28…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b93fa8dc521d00d2d44bf034fb90e0d79b036617 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0e8b8c326c2a6de4d837b1bb034ea704f4690d77 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9c05d44ec24126fc283835b68f82dba3ae985209 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ed3044b9c810c5c24eb2830053fbfe5fd134c5d4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8019b3699289fce3f10b63f98601db97b8d105b0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0b32ff285ff6f6f1ac1d9495787ccce8837d6405 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dd91c79e4f58fbe2898dac84858033700e0e99fb (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.195 , ≤ 5.15.* (semver)
Unaffected: 6.1.157 , ≤ 6.1.* (semver)
Unaffected: 6.6.113 , ≤ 6.6.* (semver)
Unaffected: 6.12.54 , ≤ 6.12.* (semver)
Unaffected: 6.17.4 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_make_chunk.c",
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b93fa8dc521d00d2d44bf034fb90e0d79b036617",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0e8b8c326c2a6de4d837b1bb034ea704f4690d77",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9c05d44ec24126fc283835b68f82dba3ae985209",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ed3044b9c810c5c24eb2830053fbfe5fd134c5d4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8019b3699289fce3f10b63f98601db97b8d105b0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0b32ff285ff6f6f1ac1d9495787ccce8837d6405",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dd91c79e4f58fbe2898dac84858033700e0e99fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_make_chunk.c",
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:20:07.600Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b93fa8dc521d00d2d44bf034fb90e0d79b036617"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e8b8c326c2a6de4d837b1bb034ea704f4690d77"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c05d44ec24126fc283835b68f82dba3ae985209"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed3044b9c810c5c24eb2830053fbfe5fd134c5d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/8019b3699289fce3f10b63f98601db97b8d105b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b32ff285ff6f6f1ac1d9495787ccce8837d6405"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd91c79e4f58fbe2898dac84858033700e0e99fb"
        }
      ],
      "title": "sctp: Fix MAC comparison to be constant-time",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40204",
    "datePublished": "2025-11-12T21:56:35.110Z",
    "dateReserved": "2025-04-16T07:20:57.179Z",
    "dateUpdated": "2025-12-01T06:20:07.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53676 (GCVE-0-2023-53676)

Vulnerability from cvelistv5 – Published: 2025-10-07 15:21 – Updated: 2026-01-05 10:21

Title

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/df349e84c2cb0dd05…
	https://git.kernel.org/stable/c/114b44dddea1f8f99…
	https://git.kernel.org/stable/c/2cbe6a88fbdd6e8ae…
	https://git.kernel.org/stable/c/bbe3ff47bf09db895…
	https://git.kernel.org/stable/c/5353df78c22623b42…
	https://git.kernel.org/stable/c/4738bf8b2d3635c29…
	https://git.kernel.org/stable/c/0cac6cbb990830935…
	https://git.kernel.org/stable/c/801f287c93ff95582…

Impacted products

Vendor

Product

Version

Linux

Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < df349e84c2cb0dd05d98c8e1189c26ab4b116083 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 114b44dddea1f8f99576de3c0e6e9059012002fc (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 5353df78c22623b42a71d51226d228a8413097e2 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 4738bf8b2d3635c2944b81b2a84d97b8c8b0978d (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 0cac6cbb9908309352a5d30c1876882771d3da50 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 801f287c93ff95582b0a2d2163f12870a2f076d4 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 4.14.326 , ≤ 4.14.* (semver)
Unaffected: 4.19.295 , ≤ 4.19.* (semver)
Unaffected: 5.4.257 , ≤ 5.4.* (semver)
Unaffected: 5.10.197 , ≤ 5.10.* (semver)
Unaffected: 5.15.133 , ≤ 5.15.* (semver)
Unaffected: 6.1.55 , ≤ 6.1.* (semver)
Unaffected: 6.5.5 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/iscsi/iscsi_target_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "df349e84c2cb0dd05d98c8e1189c26ab4b116083",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "114b44dddea1f8f99576de3c0e6e9059012002fc",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "5353df78c22623b42a71d51226d228a8413097e2",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "4738bf8b2d3635c2944b81b2a84d97b8c8b0978d",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "0cac6cbb9908309352a5d30c1876882771d3da50",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "801f287c93ff95582b0a2d2163f12870a2f076d4",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/iscsi/iscsi_target_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.326",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.326",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.295",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.257",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.197",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.133",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.55",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:21:49.841Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083"
        },
        {
          "url": "https://git.kernel.org/stable/c/114b44dddea1f8f99576de3c0e6e9059012002fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5353df78c22623b42a71d51226d228a8413097e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/4738bf8b2d3635c2944b81b2a84d97b8c8b0978d"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cac6cbb9908309352a5d30c1876882771d3da50"
        },
        {
          "url": "https://git.kernel.org/stable/c/801f287c93ff95582b0a2d2163f12870a2f076d4"
        }
      ],
      "title": "scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53676",
    "datePublished": "2025-10-07T15:21:31.757Z",
    "dateReserved": "2025-10-07T15:16:59.664Z",
    "dateUpdated": "2026-01-05T10:21:49.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-50327 (GCVE-0-2022-50327)

Vulnerability from cvelistv5 – Published: 2025-09-15 14:49 – Updated: 2025-12-23 13:28

Title

ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value

Summary

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8e8b5f12ee4ab6f5d…
	https://git.kernel.org/stable/c/fdee7a0acc566c419…
	https://git.kernel.org/stable/c/ad1190744da9d812d…
	https://git.kernel.org/stable/c/2ecd629c788bbfb96…
	https://git.kernel.org/stable/c/b85f0e292f73f353e…
	https://git.kernel.org/stable/c/2437513a814b3e93b…

Impacted products

Vendor

Product

Version

Linux

Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < 8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9 (git)
Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < fdee7a0acc566c4194d40a501b8a1584e86cc208 (git)
Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < ad1190744da9d812da55b76f2afce750afb0a3bd (git)
Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < 2ecd629c788bbfb96be058edade2e934d3763eaf (git)
Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < b85f0e292f73f353eea915499604fbf50c8238b4 (git)
Affected: a36a7fecfe6071732075ad5aa31196adce13181b , < 2437513a814b3e93bd02879740a8a06e52e2cf7d (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.0.16 , ≤ 6.0.* (semver)
Unaffected: 6.1.2 , ≤ 6.1.* (semver)
Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:03.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/processor_idle.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            },
            {
              "lessThan": "fdee7a0acc566c4194d40a501b8a1584e86cc208",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            },
            {
              "lessThan": "ad1190744da9d812da55b76f2afce750afb0a3bd",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            },
            {
              "lessThan": "2ecd629c788bbfb96be058edade2e934d3763eaf",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            },
            {
              "lessThan": "b85f0e292f73f353eea915499604fbf50c8238b4",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            },
            {
              "lessThan": "2437513a814b3e93bd02879740a8a06e52e2cf7d",
              "status": "affected",
              "version": "a36a7fecfe6071732075ad5aa31196adce13181b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/acpi/processor_idle.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.16",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n\nThe return value of acpi_fetch_acpi_dev() could be NULL, which would\ncause a NULL pointer dereference to occur in acpi_device_hid().\n\n[ rjw: Subject and changelog edits, added empty line after if () ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:28:29.153Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdee7a0acc566c4194d40a501b8a1584e86cc208"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad1190744da9d812da55b76f2afce750afb0a3bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ecd629c788bbfb96be058edade2e934d3763eaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b85f0e292f73f353eea915499604fbf50c8238b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2437513a814b3e93bd02879740a8a06e52e2cf7d"
        }
      ],
      "title": "ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50327",
    "datePublished": "2025-09-15T14:49:26.711Z",
    "dateReserved": "2025-09-15T14:18:36.815Z",
    "dateUpdated": "2025-12-23T13:28:29.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53717 (GCVE-0-2023-53717)

Vulnerability from cvelistv5 – Published: 2025-10-22 13:23 – Updated: 2025-10-22 13:23

Title

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred. Found by a modified version of syzkaller. BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx Write of size 4 Call Trace: memcpy ath9k_wmi_ctrl_rx ath9k_htc_rx_msg ath9k_hif_usb_reg_in_cb __usb_hcd_giveback_urb usb_hcd_giveback_urb dummy_timer call_timer_fn run_timer_softirq __do_softirq irq_exit_rcu sysvec_apic_timer_interrupt

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/89a33c3c847b19b19…
	https://git.kernel.org/stable/c/ae4933b4f17de8e2b…
	https://git.kernel.org/stable/c/bf6dc175a2b53098a…
	https://git.kernel.org/stable/c/78b56b0a613a87b61…
	https://git.kernel.org/stable/c/1af7eacfad45149c5…
	https://git.kernel.org/stable/c/8f28513d952018405…
	https://git.kernel.org/stable/c/554048a72d7ecfdd5…
	https://git.kernel.org/stable/c/8a2f35b9830692f7a…

Impacted products

Vendor

Product

Version

Linux

Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 89a33c3c847b19b19205cde1d924df2a6c70d8eb (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < bf6dc175a2b53098a69db1236d9d53982f4b1bc0 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 78b56b0a613a87b61290b95be497fdfe2fe58aa6 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 1af7eacfad45149c54893a8a9df9e92ef89f0a90 (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 8f28513d9520184059530c01a9f928a1b3809d3f (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 554048a72d7ecfdd58cc1bfb56e0a1864e64e82c (git)
Affected: fb9987d0f748c983bb795a86f47522313f701a08 , < 8a2f35b9830692f7a616f2f627f943bc748af13a (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.14.308 , ≤ 4.14.* (semver)
Unaffected: 4.19.276 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "89a33c3c847b19b19205cde1d924df2a6c70d8eb",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "bf6dc175a2b53098a69db1236d9d53982f4b1bc0",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "78b56b0a613a87b61290b95be497fdfe2fe58aa6",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "1af7eacfad45149c54893a8a9df9e92ef89f0a90",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "8f28513d9520184059530c01a9f928a1b3809d3f",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "554048a72d7ecfdd58cc1bfb56e0a1864e64e82c",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            },
            {
              "lessThan": "8a2f35b9830692f7a616f2f627f943bc748af13a",
              "status": "affected",
              "version": "fb9987d0f748c983bb795a86f47522313f701a08",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath9k/wmi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi-\u003ecmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi-\u003elast_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T13:23:50.161Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/89a33c3c847b19b19205cde1d924df2a6c70d8eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf6dc175a2b53098a69db1236d9d53982f4b1bc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/78b56b0a613a87b61290b95be497fdfe2fe58aa6"
        },
        {
          "url": "https://git.kernel.org/stable/c/1af7eacfad45149c54893a8a9df9e92ef89f0a90"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f28513d9520184059530c01a9f928a1b3809d3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/554048a72d7ecfdd58cc1bfb56e0a1864e64e82c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a2f35b9830692f7a616f2f627f943bc748af13a"
        }
      ],
      "title": "wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53717",
    "datePublished": "2025-10-22T13:23:50.161Z",
    "dateReserved": "2025-10-22T13:21:37.347Z",
    "dateUpdated": "2025-10-22T13:23:50.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-50367 (GCVE-0-2022-50367)

Vulnerability from cvelistv5 – Published: 2025-09-17 14:56 – Updated: 2026-01-14 18:42

Title

fs: fix UAF/GPF bug in nilfs_mdt_destroy

Summary

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF). Fix this by moving security_inode_alloc just prior to this_cpu_inc(nr_inodes)

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d1ff475d7c83289d0…
	https://git.kernel.org/stable/c/c0aa76b0f17f59dd9…
	https://git.kernel.org/stable/c/ec2aab115eb38ac49…
	https://git.kernel.org/stable/c/70e4f70d54e0225f9…
	https://git.kernel.org/stable/c/1e555c3ed1fce4b27…
	https://git.kernel.org/stable/c/64b79e632869ad3ef…
	https://git.kernel.org/stable/c/81de80330fa6907ae…
	https://git.kernel.org/stable/c/2a96b532098284ecf…
	https://git.kernel.org/stable/c/2e488f13755ffbb60…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d1ff475d7c83289d0a7faef346ea3bbf90818bad (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c0aa76b0f17f59dd9c9d3463550a2986a1d592e4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 70e4f70d54e0225f91814e8610477d65f33cefe4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1e555c3ed1fce4b278aaebe18a64a934cece57d8 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 64b79e632869ad3ef6c098a4731d559381da1115 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 81de80330fa6907aec32eb54c5619059e6e36452 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2a96b532098284ecf8e4849b8b9e5fc7a28bdee9 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2e488f13755ffbb60f307e991b27024716a33b29 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.9.331 , ≤ 4.9.* (semver)
Unaffected: 4.14.296 , ≤ 4.14.* (semver)
Unaffected: 4.19.262 , ≤ 4.19.* (semver)
Unaffected: 5.4.218 , ≤ 5.4.* (semver)
Unaffected: 5.10.148 , ≤ 5.10.* (semver)
Unaffected: 5.15.73 , ≤ 5.15.* (semver)
Unaffected: 5.19.15 , ≤ 5.19.* (semver)
Unaffected: 6.0.1 , ≤ 6.0.* (semver)
Unaffected: 6.1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-50367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T18:35:10.102018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T18:42:59.212Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d1ff475d7c83289d0a7faef346ea3bbf90818bad",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c0aa76b0f17f59dd9c9d3463550a2986a1d592e4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "70e4f70d54e0225f91814e8610477d65f33cefe4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1e555c3ed1fce4b278aaebe18a64a934cece57d8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "64b79e632869ad3ef6c098a4731d559381da1115",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "81de80330fa6907aec32eb54c5619059e6e36452",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2a96b532098284ecf8e4849b8b9e5fc7a28bdee9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2e488f13755ffbb60f307e991b27024716a33b29",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.331",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.218",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.73",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.331",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.296",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.262",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.218",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.148",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.73",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.15",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.1",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T13:29:06.406Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48"
        },
        {
          "url": "https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115"
        },
        {
          "url": "https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29"
        }
      ],
      "title": "fs: fix UAF/GPF bug in nilfs_mdt_destroy",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50367",
    "datePublished": "2025-09-17T14:56:23.190Z",
    "dateReserved": "2025-09-17T14:53:06.995Z",
    "dateUpdated": "2026-01-14T18:42:59.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0200-1

CVE-2025-40204 (GCVE-0-2025-40204)

CVE-2023-53676 (GCVE-0-2023-53676)

CVE-2022-50327 (GCVE-0-2022-50327)

CVE-2023-53717 (GCVE-0-2023-53717)

CVE-2022-50367 (GCVE-0-2022-50367)

Tags

Sightings

Nomenclature