DEBIAN-CVE-2023-54104

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fslupm: Fix an off-by one test in funexecop 'op-cs' is copied in 'fun-mchipnumber' which is used to access the 'mchipoffsets' and the 'rnbgpio' arrays. These arrays have NANDMAXCHIPS elements, so the index must be...

DEBIAN-CVE-2023-54094

In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting different oops alike: 62.624003 BUG: kernel NULL pointer dereference, address: 00000000000000c0...

DEBIAN-CVE-2023-54098

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gvt: fix gvt debugfs destroy When gvt debug fs is destroyed, need to have a sane check if drm minor's debugfs root is still available or not, otherwise in case like device remove through unbinding, drm minor's debugfs...

DEBIAN-CVE-2023-54083

In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy. When we try to destroy the port dev, it will...

DEBIAN-CVE-2023-54084

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if initstream failed, but it instead freed dg00x-rxstream and returned success. This potentially leads to a use after free...

DEBIAN-CVE-2023-54076

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifssmbsesincrefcount helper to get an active reference of @ses and @ses-dfsrootses if set. This will prevent @ses-dfsrootses of being put in the next call to cifsputsmbses and thus...

DEBIAN-CVE-2023-54067

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it,...

DEBIAN-CVE-2023-54065

In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv-chipdata to void priv + sizeofpriv with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chipdata spac...

DEBIAN-CVE-2023-54062

In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...

DEBIAN-CVE-2023-54047

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: dwhdmi: cleanup drm encoder during unbind This fixes a use-after-free crash during rmmod. The DRM encoder is embedded inside the larger rockchiphdmi, which is allocated with the component. The component memory gets...

DEBIAN-CVE-2022-50736

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...

DEBIAN-CVE-2022-50733

In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouseopen In idmousecreateimage, if any ftipcommand fails, it will go to the reset label. However, this leads to the data in bulkinbufferHEADER..IMGSIZE uninitialized. And the check for vali...

DEBIAN-CVE-2022-50721

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...

DEBIAN-CVE-2022-50720

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...

DEBIAN-CVE-2022-50719

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space including the size of the chunk buffer. This fixes a buffer overflow when multiple MIDI sysex messages are sent to a PODxt device...

BELL-CVE-2025-68343

Bulletin has no description...

DEBIAN-CVE-2025-68733

In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...

DEBIAN-CVE-2025-68732

In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1xsyncptalloc and host1xsyncptput by using krefputmutex instead of krefput + manual mutex locking. This ensures no thread can acquire the syncptmutex after...

DEBIAN-CVE-2025-68357

In the Linux kernel, the following vulnerability has been resolved: iomap: allocate sdiodonewq for async reads as well Since commit 222f2c7c6d14 "iomap: always run error completions in user context", read error completions are deferred to sdiodonewq. This means the workqueue also needs to be...

DEBIAN-CVE-2025-68358

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfsclearspaceinfofull From the memory-barriers.txt document regarding memory barrier ordering guarantees: These guarantees do not apply to bitfields, because compilers often generate code to...