CVE-2025-38276 fs/dax: Fix "don't skip locked entries when scanning entries"

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca "fs/dax: don't skip locked entries when scanning entries" introduced a new function, waitentryunlockedexclusive, which waits for the current entry ...

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for t...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: Fix use after free in hcisendacl CVE-2022-49111 kernel: Bluetooth: hcisync: Fix queuing commands when HCIUNREGISTER is set CVE-2022-49136 kernel: udf: Fix a slab-out-of-bounds...

USN-7594-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux UML; - x...

CVE-2025-38236

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unixstreamreadgeneric. The following sequences reproduce the issue: $ python3 from socket import s1, s2 = socketpairAFUNIX, SOCKSTREAM...

Ubuntu: Security Advisory (USN-7609-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-38235

CVE-2025-38235: Linux kernel fix for appletb_kbd backlight reference counting leak. backlight_device_get_by_name increments ref count for android backlight named "appletb_backlight" and it is not released, causing a reference leak. The fix decrements the reference count on removal via put_device ...

PT-2025-28071 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference leak issue has been identified in the Linux kernel, specifically in the HID appletb-kbd module. The problem occurs when the appletb kbd probe function attempts to get the...

CVE-2025-38211

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...

CVE-2025-38187

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

CVE-2025-38233 powerpc64/ftrace: fix clobbered r15 during livepatching

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix clobbered r15 during livepatching While r15 is clobbered always with PPCFTRACEOUTOFLINE, it is not restored in livepatch sequence leading to not so obvious fails like below: BUG: Unable to handle kernel data...

CVE-2025-38234

CVE-2025-38234 affects the Linux kernel sched/rt code. The issue is a race in push_rt_task that can race with task migration and wakeups, potentially leaving a task in a pushable list even after it has migrated or run, leading to scheduler crashes such as NULL dereferences or BUG_ON failures. A f...

CVE-2025-38231

CVE-2025-38231 affects the Linux kernel nfsd component. The vulnerability arises when laundromat_work starts before nfsd_ssc is initialized, risking a NULL pointer dereference in nfs4_state_start_net() via nfs4_laundromat -> nfsd4_ssc_expire_umount. The documented fix moves nfsd_ssc initializa...

CVE-2025-38228

In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010probe Add videodevicerelease to release the memory allocated by videodevicealloc if something goes wrong...

CVE-2025-38228 media: imagination: fix a potential memory leak in e5010_probe()

In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010probe Add videodevicerelease to release the memory allocated by videodevicealloc if something goes wrong...

CVE-2025-38216

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38216 iommu/vt-d: Restore context entry setup order for aliased devices

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 "iommu/vt-d: Add support for static identity domain" changed the context entry setup during domain attachment from a set-and-check policy to a...

CVE-2025-38215 fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...

CVE-2025-38203 jfs: Fix null-ptr-deref in jfs_ioc_trim

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfsioctrim Syzkaller Report Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 1 KASAN: null-ptr-deref in range 0x0000000000000438-0x000000000000043f CPU: 2 UID:...

CVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...