LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-1999-0656 CVE STATUS: Unpatched CVE SUMMARY: The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2006-2932 CVE STATUS: Unpatched CVE SUMMARY: A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2007-2764 CVE STATUS: Unpatched CVE SUMMARY: The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2007-4998 CVE STATUS: Unpatched CVE SUMMARY: cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2008-2544 CVE STATUS: Unpatched CVE SUMMARY: Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2011-1763 CVE STATUS: Unpatched CVE SUMMARY: The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2011-1936 CVE STATUS: Unpatched CVE SUMMARY: Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause a denial of service (guest crash) via unspecified vectors. LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2011-3346 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2011-3346 CVE STATUS: Unpatched CVE SUMMARY: Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2014-2580 CVE STATUS: Unpatched CVE SUMMARY: The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2014-3672 CVE STATUS: Unpatched CVE SUMMARY: The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2014-8171 CVE STATUS: Unpatched CVE SUMMARY: The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2015-7504 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2015-7504 CVE STATUS: Unpatched CVE SUMMARY: Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2015-8550 CVE STATUS: Unpatched CVE SUMMARY: Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2015-8553 CVE STATUS: Unpatched CVE SUMMARY: Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2016-0774 CVE STATUS: Unpatched CVE SUMMARY: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2016-3695 CVE STATUS: Unpatched CVE SUMMARY: The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2016-3699 CVE STATUS: Unpatched CVE SUMMARY: The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-3960 CVE STATUS: Unpatched CVE SUMMARY: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-7092 CVE STATUS: Unpatched CVE SUMMARY: The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-9379 CVE STATUS: Unpatched CVE SUMMARY: The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-9380 CVE STATUS: Unpatched CVE SUMMARY: The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-9383 CVE STATUS: Unpatched CVE SUMMARY: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2016-9386 CVE STATUS: Unpatched CVE SUMMARY: The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2017-1000255 CVE STATUS: Unpatched CVE SUMMARY: On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2017-1000377 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2017-12134 CVE STATUS: Unpatched CVE SUMMARY: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2017-12135 CVE STATUS: Unpatched CVE SUMMARY: Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2017-12137 CVE STATUS: Unpatched CVE SUMMARY: arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2017-6264 CVE STATUS: Unpatched CVE SUMMARY: An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2017-7228 CVE STATUS: Unpatched CVE SUMMARY: An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-10840 CVE STATUS: Unpatched CVE SUMMARY: Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-10876 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-10882 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-10902 CVE STATUS: Unpatched CVE SUMMARY: It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-14625 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2018-20573 CVE STATUS: Unpatched CVE SUMMARY: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2018-20574 CVE STATUS: Unpatched CVE SUMMARY: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2018-5244 CVE STATUS: Unpatched CVE SUMMARY: In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2018-6559 CVE STATUS: Unpatched CVE SUMMARY: The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2018-8897 CVE STATUS: Unpatched CVE SUMMARY: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2019-14899 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2019-3016 CVE STATUS: Unpatched CVE SUMMARY: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2019-3819 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2019-3887 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue. LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2019-6285 CVE STATUS: Unpatched CVE SUMMARY: The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. LAYER: meta-ros-common PACKAGE NAME: yaml-cpp PACKAGE VERSION: 0.6.2 CVE: CVE-2019-6292 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-10742 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-16119 CVE STATUS: Unpatched CVE SUMMARY: Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-1749 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. -- LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2020-17498 CVE STATUS: Patched CVE SUMMARY: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. LAYER: meta-oe PACKAGE NAME: dhrystone PACKAGE VERSION: 2.1 CVE: CVE-2020-23026 CVE STATUS: Unpatched CVE SUMMARY: A NULL pointer dereference in the main() function dhry_1.c of dhrystone 2.1 causes a denial of service (DoS). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-25672 CVE STATUS: Unpatched CVE SUMMARY: A memory leak vulnerability was found in Linux kernel in llcp_sock_connect LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-27815 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2020-8834 CVE STATUS: Unpatched CVE SUMMARY: KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-20194 CVE STATUS: Unpatched CVE SUMMARY: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-20265 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-26313 CVE STATUS: Unpatched CVE SUMMARY: Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-26314 CVE STATUS: Unpatched CVE SUMMARY: Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-28039 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28039 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28692 CVE STATUS: Unpatched CVE SUMMARY: inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28694 CVE STATUS: Unpatched CVE SUMMARY: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28695 CVE STATUS: Unpatched CVE SUMMARY: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28696 CVE STATUS: Unpatched CVE SUMMARY: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28698 CVE STATUS: Unpatched CVE SUMMARY: long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28699 CVE STATUS: Unpatched CVE SUMMARY: inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28700 CVE STATUS: Unpatched CVE SUMMARY: xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28701 CVE STATUS: Unpatched CVE SUMMARY: Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28703 CVE STATUS: Unpatched CVE SUMMARY: grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28711 CVE STATUS: Unpatched CVE SUMMARY: Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28712 CVE STATUS: Unpatched CVE SUMMARY: Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2021-28713 CVE STATUS: Unpatched CVE SUMMARY: Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-3564 CVE STATUS: Unpatched CVE SUMMARY: A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-3669 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. -- LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.3 CVE: CVE-2021-36690 CVE STATUS: Patched CVE SUMMARY: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-3714 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-3759 CVE STATUS: Unpatched CVE SUMMARY: A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-3864 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2021-4218 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-0286 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-0400 CVE STATUS: Unpatched CVE SUMMARY: An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-1247 CVE STATUS: Unpatched CVE SUMMARY: An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-1462 CVE STATUS: Unpatched CVE SUMMARY: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-21123 CVE STATUS: Unpatched CVE SUMMARY: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-21125 CVE STATUS: Unpatched CVE SUMMARY: Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-21127 CVE STATUS: Unpatched CVE SUMMARY: Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-21166 CVE STATUS: Unpatched CVE SUMMARY: Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23033 CVE STATUS: Unpatched CVE SUMMARY: arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23035 CVE STATUS: Unpatched CVE SUMMARY: Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23036 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23037 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23038 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23039 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23040 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23041 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23042 CVE STATUS: Unpatched CVE SUMMARY: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-2308 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-2327 CVE STATUS: Unpatched CVE SUMMARY: io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23824 CVE STATUS: Unpatched CVE SUMMARY: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-23960 CVE STATUS: Unpatched CVE SUMMARY: Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26358 CVE STATUS: Unpatched CVE SUMMARY: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26359 CVE STATUS: Unpatched CVE SUMMARY: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26360 CVE STATUS: Unpatched CVE SUMMARY: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26361 CVE STATUS: Unpatched CVE SUMMARY: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26362 CVE STATUS: Unpatched CVE SUMMARY: x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26363 CVE STATUS: Unpatched CVE SUMMARY: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26364 CVE STATUS: Unpatched CVE SUMMARY: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-26365 CVE STATUS: Patched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-26365 CVE STATUS: Unpatched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-2663 CVE STATUS: Unpatched CVE SUMMARY: An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-2785 CVE STATUS: Unpatched CVE SUMMARY: There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-29900 CVE STATUS: Unpatched CVE SUMMARY: Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-29901 CVE STATUS: Unpatched CVE SUMMARY: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2022-31650 CVE STATUS: Unpatched CVE SUMMARY: In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. LAYER: meta-multimedia PACKAGE NAME: sox PACKAGE VERSION: 14.4.2 CVE: CVE-2022-31651 CVE STATUS: Unpatched CVE SUMMARY: In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-33740 CVE STATUS: Patched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33740 CVE STATUS: Unpatched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-33741 CVE STATUS: Patched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33741 CVE STATUS: Unpatched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-33742 CVE STATUS: Patched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33742 CVE STATUS: Unpatched CVE SUMMARY: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-33743 CVE STATUS: Patched CVE SUMMARY: network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33743 CVE STATUS: Unpatched CVE SUMMARY: network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33745 CVE STATUS: Unpatched CVE SUMMARY: insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33747 CVE STATUS: Unpatched CVE SUMMARY: Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-33748 CVE STATUS: Unpatched CVE SUMMARY: lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3435 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3523 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3534 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3566 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3567 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3619 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3621 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3624 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3629 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3630 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3633 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3636 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-36402 CVE STATUS: Unpatched CVE SUMMARY: An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-3646 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-38096 CVE STATUS: Unpatched CVE SUMMARY: A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-40982 CVE STATUS: Unpatched CVE SUMMARY: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42309 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42311 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42312 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42313 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42314 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42315 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42316 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42317 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42318 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42319 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42320 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42321 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42322 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42323 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42324 CVE STATUS: Unpatched CVE SUMMARY: Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42325 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42326 CVE STATUS: Unpatched CVE SUMMARY: Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-42332 CVE STATUS: Unpatched CVE SUMMARY: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-42895 CVE STATUS: Unpatched CVE SUMMARY: There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-4382 CVE STATUS: Unpatched CVE SUMMARY: A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-4543 CVE STATUS: Unpatched CVE SUMMARY: A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49491 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49492 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49493 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49494 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49495 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49496 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49497 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49498 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2022-49499 CVE STATUS: Patched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2022-4949 CVE STATUS: Unpatched CVE SUMMARY: The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-1073 CVE STATUS: Unpatched CVE SUMMARY: A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-1074 CVE STATUS: Unpatched CVE SUMMARY: A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-1075 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-1076 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2023-1386 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-20588 CVE STATUS: Unpatched CVE SUMMARY: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-2898 CVE STATUS: Unpatched CVE SUMMARY: There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-3079 CVE STATUS: Unpatched CVE SUMMARY: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32573 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32762 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-32763 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-3397 CVE STATUS: Unpatched CVE SUMMARY: A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-34319 CVE STATUS: Patched CVE SUMMARY: The fix for XSA-423 added logic to Linux'es netback driver to deal with -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34319 CVE STATUS: Unpatched CVE SUMMARY: The fix for XSA-423 added logic to Linux'es netback driver to deal with LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34320 CVE STATUS: Unpatched CVE SUMMARY: Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-34324 CVE STATUS: Patched CVE SUMMARY: Closing of an event channel in the Linux kernel can result in a deadlock. -- LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34324 CVE STATUS: Unpatched CVE SUMMARY: Closing of an event channel in the Linux kernel can result in a deadlock. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34325 CVE STATUS: Unpatched CVE SUMMARY: LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34326 CVE STATUS: Unpatched CVE SUMMARY: The caching invalidation guidelines from the AMD-Vi specification (48882—Rev LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-34327 CVE STATUS: Unpatched CVE SUMMARY: LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-34410 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-3640 CVE STATUS: Unpatched CVE SUMMARY: A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Patched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-37369 CVE STATUS: Unpatched CVE SUMMARY: In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-3772 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-3773 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-38197 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-4010 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-4155 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-43114 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-46835 CVE STATUS: Unpatched CVE SUMMARY: The current setup of the quarantine page tables assumes that the LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-46836 CVE STATUS: Unpatched CVE SUMMARY: The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-46841 CVE STATUS: Unpatched CVE SUMMARY: Recent x86 CPUs offer functionality named Control-flow Enforcement LAYER: meta-xilinx-virtualization PACKAGE NAME: xen PACKAGE VERSION: 4.20.0+stable-xilinx+git CVE: CVE-2023-4949 CVE STATUS: Unpatched CVE SUMMARY: An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2023-51714 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-52904 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6176 CVE STATUS: Unpatched CVE SUMMARY: A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6238 CVE STATUS: Unpatched CVE SUMMARY: A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6240 CVE STATUS: Unpatched CVE SUMMARY: A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6270 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6535 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6610 CVE STATUS: Unpatched CVE SUMMARY: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-6679 CVE STATUS: Unpatched CVE SUMMARY: A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2023-7042 CVE STATUS: Unpatched CVE SUMMARY: A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-0193 CVE STATUS: Unpatched CVE SUMMARY: A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-11595 CVE STATUS: Unpatched CVE SUMMARY: FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2024-11596 CVE STATUS: Unpatched CVE SUMMARY: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file LAYER: meta-virtualization PACKAGE NAME: docker-moby PACKAGE VERSION: 25.0.3+gitf417435e5f6216828dec57958c490c4f8bae4f98 CVE: CVE-2024-29018 CVE STATUS: Unpatched CVE SUMMARY: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2024-39936 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed.. LAYER: meta-oe PACKAGE NAME: linuxptp PACKAGE VERSION: 4.1 CVE: CVE-2024-42861 CVE STATUS: Unpatched CVE SUMMARY: An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function LAYER: meta PACKAGE NAME: gstreamer1.0 PACKAGE VERSION: 1_1.22.12+git CVE: CVE-2024-47606 CVE STATUS: Unpatched CVE SUMMARY: GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.7.4 CVE: CVE-2024-48615 CVE STATUS: Unpatched CVE SUMMARY: Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-49570 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta PACKAGE NAME: libsndfile1 PACKAGE VERSION: 1.2.2 CVE: CVE-2024-50613 CVE STATUS: Unpatched CVE SUMMARY: libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-52559 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-5288 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-54458 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta PACKAGE NAME: perl PACKAGE VERSION: 5.38.2 CVE: CVE-2024-56406 CVE STATUS: Unpatched CVE SUMMARY: A heap buffer overflow vulnerability was discovered in Perl. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57834 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57939 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57949 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57950 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57951 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57952 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57953 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57973 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57977 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57978 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57979 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57980 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57981 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57982 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57984 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57987 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57988 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57989 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57990 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57995 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57996 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-57997 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58002 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58005 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58007 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58010 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58011 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58012 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58013 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58017 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58020 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58021 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58034 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58042 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58052 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58055 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58058 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58060 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58062 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58063 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58064 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58068 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58069 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58070 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58071 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58076 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58080 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58081 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58083 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58084 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58088 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58089 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2024-58097 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-networking PACKAGE NAME: wolfssl PACKAGE VERSION: 5.7.0 CVE: CVE-2024-5991 CVE STATUS: Unpatched CVE SUMMARY: In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0. LAYER: meta-xilinx-core PACKAGE NAME: qemu-xilinx PACKAGE VERSION: 8.2.7+git CVE: CVE-2024-8354 CVE STATUS: Unpatched CVE SUMMARY: A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition. LAYER: meta-networking PACKAGE NAME: wireshark PACKAGE VERSION: 1_4.2.7 CVE: CVE-2025-1492 CVE STATUS: Unpatched CVE SUMMARY: Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21665 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21666 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21667 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21669 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21670 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21671 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21672 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21673 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21674 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21675 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21676 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21680 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21681 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21682 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21683 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21684 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21685 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21687 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21689 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21690 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21692 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21693 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21694 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21695 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21696 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21697 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21699 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21700 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21703 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21707 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21711 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21713 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21714 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21715 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21716 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21718 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21722 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21723 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21726 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21727 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21729 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21731 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21735 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21736 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21737 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21739 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21741 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21742 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21743 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21744 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21745 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21748 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21749 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21751 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21753 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21756 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21759 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21760 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21761 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21762 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21763 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21764 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21770 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21773 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21774 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21775 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21776 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21779 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21780 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21782 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21783 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21785 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21786 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21787 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21788 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21789 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21790 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21791 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21792 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21793 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21796 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21798 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21809 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21811 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21812 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21814 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21820 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21824 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21833 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21844 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21845 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21846 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21847 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21848 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21849 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21851 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21852 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21853 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21854 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21855 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21856 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21857 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21858 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21859 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21861 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21862 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21863 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21864 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21866 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21867 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21887 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21891 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21893 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21898 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21900 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21901 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21904 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21905 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21908 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21911 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21912 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21915 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21917 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21918 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21919 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21920 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21922 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21927 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21928 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21929 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21930 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21934 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21936 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21937 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21940 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21941 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21943 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21945 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21947 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21948 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21949 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21951 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21957 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21959 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21961 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21962 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21963 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21964 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21966 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21967 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21968 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21969 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21979 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21980 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21981 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21982 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21984 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21989 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21990 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21991 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21993 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21995 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21996 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21997 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21998 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-21999 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22000 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22001 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22002 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22003 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22004 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22005 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22007 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22009 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22010 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22011 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22014 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22018 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22020 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22024 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22027 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22033 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22035 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22036 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22037 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22038 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22040 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22041 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22054 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22056 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22059 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22062 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22063 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22065 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22066 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22067 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22068 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22070 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22080 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22081 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22085 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22088 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-22097 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-23134 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-23136 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-23137 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27830 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27831 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27832 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27833 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27834 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27835 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27836 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. LAYER: meta PACKAGE NAME: ghostscript PACKAGE VERSION: 10.04.0 CVE: CVE-2025-27837 CVE STATUS: Unpatched CVE SUMMARY: An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.45.3 CVE: CVE-2025-29087 CVE STATUS: Unpatched CVE SUMMARY: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory. LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2915 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2924 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2925 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. LAYER: meta-oe PACKAGE NAME: hdf5 PACKAGE VERSION: 1.14.4-3 CVE: CVE-2025-2926 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. LAYER: meta-qt5 PACKAGE NAME: qtbase PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). -- LAYER: meta-qt5 PACKAGE NAME: qtwayland PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). -- LAYER: meta-qt5 PACKAGE NAME: qtdeclarative PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). -- LAYER: meta-qt5 PACKAGE NAME: qtquickcontrols2 PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). -- LAYER: meta-qt5 PACKAGE NAME: qtcharts PACKAGE VERSION: 5.15.13+git CVE: CVE-2025-30348 CVE STATUS: Unpatched CVE SUMMARY: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.10 CVE: CVE-2025-32414 CVE STATUS: Unpatched CVE SUMMARY: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.12.10 CVE: CVE-2025-32415 CVE STATUS: Unpatched CVE SUMMARY: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-37785 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-37838 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-37860 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-37893 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-37925 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-38049 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-38152 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-39728 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-39735 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-39778 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-40014 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: LAYER: meta-xilinx-core PACKAGE NAME: linux-xlnx PACKAGE VERSION: 6.12.10+git CVE: CVE-2025-40114 CVE STATUS: Unpatched CVE SUMMARY: In the Linux kernel, the following vulnerability has been resolved: