CVE-2025-38465 netlink: Fix wraparounds of sk->sk_rmem_alloc.

In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk-skrmemalloc. Netlink has this pattern in some places if atomicread&sk-skrmemalloc sk-skrcvbuf atomicaddskb-truesize, &sk-skrmemalloc; , which has the same problem fixed by commit 5a465a0da13e "udp:...

CVE-2025-38460

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in toatmarpd. atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because toatmarpd is called without RTNL, especially...

CVE-2025-38454 ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in sndcardad1816apnp Use prwarn instead of devwarn when 'pdev' is NULL to avoid a potential NULL pointer dereference...

CVE-2025-38452 net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsnprobe Add check for the return value of rcargen4ptpalloc to prevent potential null pointer dereference...

CVE-2025-38437

CVE-2025-38437 : In the Linux kernel, a use-after-free in ksmbd during oplock/lease break ack was fixed. If ksmbd_iov_pin_rsp returns an error, use-after-free can occur by accessing opinfo->state and opinfo_put, and ksmbd_fd_put could be called twice. The vulnerability affects the ksmbd compon...

CVE-2025-38416

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in success path Setting tty-discdata before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before...

CVE-2025-38409

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

CVE-2025-38416

Mode C: CVE-2025-38416 affects the Linux kernel NFC: nci: uart path. The vulnerability arises from setting tty->disc_data before the NCI device open/driver request succeeds, creating a small window where the device may start sending data and leaving state inconsistent on error paths. The fix e...

CVE-2025-38396

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

CVE-2025-38393

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

CVE-2025-38404

CVE-2025-38404 affects the Linux kernel USB Type-C/displayport subsystem. The issue is a potential deadlock caused by recursive locking of cros_typec_altmode_data::mutex when a mutex-protected path calls typec_altmode_exit() from within the same context. The documented fix defers the typec_altmod...

CVE-2025-38397

CVE-2025-38397 is a Linux kernel vulnerability related to a suspicious RCU usage warning in nvme_mpath_add_sysfs_link() during NVMe over TCP tests. The connected SUSE/OpenSUSE advisories confirm a kernel fix addressing this RCU warning (nvme-multipath) in the Linux kernel, and indicate an updated...

CVE-2025-38396 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

CVE-2025-38391

CVE-2025-38391 in the Linux kernel addresses a vulnerability in USB Type-C Alt Mode handling for DisplayPort. A misbehaving port partner could claim pin assignment capabilities beyond the valid range, causing an out-of-bounds access in pin_assignment_show. The fix adds a DP_PIN_ASSIGN_MAX constan...

CVE-2025-38389 drm/i915/gt: Fix timeline left held on VMA alloc error

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: 239.330153 ------------ cut here ------------...

CVE-2025-38375

CVE-2025-38375: In the Linux kernel, virtio-net could trigger an out-of-bounds read due to not validating the received length against the allocated size when reading buffers from the ring in xdp_linearize_page. The fix adds the missing length check. Affected entries in Debian/Amazon/RH advisories...

CVE-2025-38363

CVE-2025-38363 : In the Linux kernel, a null pointer dereference could occur in the Tegra DRM driver. Specifically, in tegra_crtc_reset(), memory allocated with kzalloc() is not checked for failure; before calling __drm_atomic_helper_crtc_reset, the CRTC state should be validated to prevent deref...

CVE-2025-38355 drm/xe: Process deferred GGTT node removals on device unwind

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happends as part of the managed-d...

SUSE-SU-2025:02469-1 Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024161 fixes one issue. The following security issue was fixed: - CVE-2024-56558: nfsd: make sure exp active before svcexportshow bsc1243648...

Ubuntu 25.04 : Linux kernel (Oracle) vulnerabilities (USN-7665-1)

The remote Ubuntu 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7665-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...