CVE Daily – Yocto Project

CVE Daily – Yocto Project https://cvedaily.com/pages/tags/yocto.html CVE Daily – Yocto Project en Wed, 03 Jun 2026 21:26:50 +0000 [Medium] CVE-2026-43410 – In the Linux kernel, the following vulnerability has been resolved: firmware: s... https://nvd.nist.gov/vuln/detail/CVE-2026-43410 https://nvd.nist.gov/vuln/detail/CVE-2026-43410 Fri, 08 May 2026 15:16:52 +0000 Medium CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update (RSU) isn't enabled in the First Stage Boot Loader (FSBL), the driver encounters a NULL pointer dereference when excute svc_normal_to_secure_thread() thread, resulting in a kernel panic: Unable to handle kernel NULL pointer…

CVSS: 5.5 · CWE: CWE-476

]]> [Medium] CVE-2026-43302 – In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Se... https://nvd.nist.gov/vuln/detail/CVE-2026-43302 https://nvd.nist.gov/vuln/detail/CVE-2026-43302 Fri, 08 May 2026 14:16:37 +0000 Medium CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults to 64K. setting 'max_seg_size' to the maximum will prevent 'debug_dma_map_sg()' from complainin…

CVSS: 5.5 · CWE: CWE-131

]]> [High] CVE-2026-31563 – In the Linux kernel, the following vulnerability has been resolved: net: macb: ... https://nvd.nist.gov/vuln/detail/CVE-2026-31563 https://nvd.nist.gov/vuln/detail/CVE-2026-31563 Fri, 24 Apr 2026 15:16:30 +0000 High CVE-2026-31563

In the Linux kernel, the following vulnerability has been resolved: net: macb: Use dev_consume_skb_any() to free TX SKBs The napi_consume_skb() function is not intended to be called in an IRQ disabled context. However, after commit 6bc8a5098bf4 ("net: macb: Fix tx_ptr_lock locking"), the freeing of TX SKBs is performed with IRQs disabled. To resolve the following call trace, use dev_consume_skb…

CVSS: 7.5 · CWE: N/A

]]> [Medium] CVE-2026-23203 – In the Linux kernel, the following vulnerability has been resolved: net: cpsw_n... https://nvd.nist.gov/vuln/detail/CVE-2026-23203 https://nvd.nist.gov/vuln/detail/CVE-2026-23203 Sat, 14 Feb 2026 17:15:58 +0000 Medium CVE-2026-23203

In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") removed the RTNL lock for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this change triggered the following call trace on my BeagleBone Black board:…

CVSS: 5.5 · CWE: N/A

]]> [High] CVE-2026-23175 – In the Linux kernel, the following vulnerability has been resolved: net: cpsw: ... https://nvd.nist.gov/vuln/detail/CVE-2026-23175 https://nvd.nist.gov/vuln/detail/CVE-2026-23175 Sat, 14 Feb 2026 17:15:55 +0000 High CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") removed the RTNL lock for IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this change triggered the following call trace on my BeagleBone Black board: WAR…

CVSS: 7.0 · CWE: N/A

]]> [Medium] CVE-2026-23115 – In the Linux kernel, the following vulnerability has been resolved: serial: Fix... https://nvd.nist.gov/vuln/detail/CVE-2026-23115 https://nvd.nist.gov/vuln/detail/CVE-2026-23115 Sat, 14 Feb 2026 15:16:06 +0000 Medium CVE-2026-23115

In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") because the tty_port_link_device() is not redundant: the tty->port has to be confured before we call uart_configure_port(), otherwise user-space can open console without TTY linked to the driver. This tty…

CVSS: 4.7 · CWE: CWE-362

]]> [Unknown] CVE-2023-54113 – In the Linux kernel, the following vulnerability has been resolved: rcu: dump v... https://nvd.nist.gov/vuln/detail/CVE-2023-54113 https://nvd.nist.gov/vuln/detail/CVE-2023-54113 Wed, 24 Dec 2025 13:16:13 +0000 Unknown CVE-2023-54113

In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke call_rcu(), will dump rcu_head objects memory info, if the objects is not allocated from the slab allocator, the vmalloc_dump_obj() will be invoke and the vmap_area_lock spinlock need to be held, since the call_rcu() can be invoked in interrupt context, therefore…

CVSS: N/A · CWE: N/A

]]> [Medium] CVE-2022-50045 – In the Linux kernel, the following vulnerability has been resolved: powerpc/pci... https://nvd.nist.gov/vuln/detail/CVE-2022-50045 https://nvd.nist.gov/vuln/detail/CVE-2022-50045 Wed, 18 Jun 2025 11:15:33 +0000 Medium CVE-2022-50045

In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper preempt_count: 1, expected: 0 RCU…

CVSS: 5.5 · CWE: CWE-667

]]> [Medium] CVE-2023-53029 – In the Linux kernel, the following vulnerability has been resolved: octeontx2-p... https://nvd.nist.gov/vuln/detail/CVE-2023-53029 https://nvd.nist.gov/vuln/detail/CVE-2023-53029 Thu, 27 Mar 2025 17:15:52 +0000 Medium CVE-2023-53029

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_freeptr() callback, but it also unnecessarily disable the preemption for the blockable memory allocation. The commit 87b…

CVSS: 5.5 · CWE: CWE-667

]]> [Medium] CVE-2025-21878 – In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: ... https://nvd.nist.gov/vuln/detail/CVE-2025-21878 https://nvd.nist.gov/vuln/detail/CVE-2025-21878 Thu, 27 Mar 2025 15:15:55 +0000 Medium CVE-2025-21878

In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to the i2c driver. After checking, the i2c module was doing a tx transfer and the bmc machine reboots in the middle of the i2c transaction, the i2c module keeps the status without being reset. Due to s…

CVSS: 5.5 · CWE: CWE-667

]]> [Medium] CVE-2022-49513 – In the Linux kernel, the following vulnerability has been resolved: cpufreq: go... https://nvd.nist.gov/vuln/detail/CVE-2022-49513 https://nvd.nist.gov/vuln/detail/CVE-2022-49513 Wed, 26 Feb 2025 07:01:27 +0000 Medium CVE-2022-49513

In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct gov_attr_set embeds a kobject. Since every kobject must have a release() method and we can't use kfree() to free it directly, so introduce cpufreq_dbs_data_release() to release the dbs_data via the ko…

CVSS: 5.5 · CWE: N/A

]]> [Medium] CVE-2021-47387 – In the Linux kernel, the following vulnerability has been resolved: cpufreq: sc... https://nvd.nist.gov/vuln/detail/CVE-2021-47387 https://nvd.nist.gov/vuln/detail/CVE-2021-47387 Tue, 21 May 2024 15:15:24 +0000 Medium CVE-2021-47387

In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release() method to free sugov_tunables The struct sugov_tunables is protected by the kobject, so we can't free it directly. Otherwise we would get a call trace like this: ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x30 WARNING: CPU: 3 PID: 72…

CVSS: 5.5 · CWE: CWE-763

]]> [Medium] CVE-2024-26877 – In the Linux kernel, the following vulnerability has been resolved: crypto: xil... https://nvd.nist.gov/vuln/detail/CVE-2024-26877 https://nvd.nist.gov/vuln/detail/CVE-2024-26877 Wed, 17 Apr 2024 11:15:09 +0000 Medium CVE-2024-26877

In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CP…

CVSS: 5.5 · CWE: N/A

]]> [High] CVE-2024-25626 – Yocto Project is an open source collaboration project that helps developers crea... https://nvd.nist.gov/vuln/detail/CVE-2024-25626 https://nvd.nist.gov/vuln/detail/CVE-2024-25626 Mon, 19 Feb 2024 20:15:45 +0000 High CVE-2024-25626

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a craf…

CVSS: 8.8 · CWE: CWE-78

]]> [High] CVE-2017-9731 – In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Projec... https://nvd.nist.gov/vuln/detail/CVE-2017-9731 https://nvd.nist.gov/vuln/detail/CVE-2017-9731 Fri, 16 Jun 2017 15:29:00 +0000 High CVE-2017-9731

In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.

CVSS: 7.5 · CWE: CWE-200

]]>