CVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX Otherwise, it is possible to hit WARNONONCE in kvmallocnodenoprof when resizing hashtable because GFPNOWARN is unset. Similar to: b541ba7d1f5a "netfilter: conntrack...

CVE-2025-38186

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix double invocation of bnxtulpstop/bnxtulpstart Before the commit under the Fixes tag below, bnxtulpstop and bnxtulpstart were always invoked in pairs. After that commit, the new bnxtulprestart can be invoked after...

CVE-2025-38180 net: atm: fix /proc/net/atm/lec handling

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against devlec changes. It appears it had devput calls without prior devhold, leading to imbalance and UAF...

CVE-2025-38164

In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: fix to avoid inconsistence in between SIT and SSA w/ below testcase, it will cause inconsistence in between SIT and SSA. createnullblk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount /dev/nullb0 /mnt/f2fs/ touch...

CVE-2025-38173 crypto: marvell/cesa - Handle zero-length skcipher requests

In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0...

CVE-2025-38173

CVE-2025-38173 affects the Linux kernel’s crypto path for marvell/cesa. The vulnerability arises from handling zero-length skcipher requests, where code could access invalid memory. The fix makes zero-length requests return 0 instead of reading memory. This is a local vulnerability with the kerne...

CVE-2025-38163 f2fs: fix to do sanity check on sbi->total_valid_block_count

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi-totalvalidblockcount syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:decvalidblockcount+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVE-2025-38146 net: openvswitch: Fix the dead loop of MPLS parse

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuck...

CVE-2025-38142

The CVE-2025-38142 issue affects the Linux kernel hwmon path (asus-ec-sensors) where read_string() could read a non-existent sensor because find_ec_sensor_index() returned a negative value (for example -ENOENT) and was used without validation. The fix introduces a check to ensure sensor_index is ...

CVE-2025-38141 dm: fix dm_blk_report_zones

In the Linux kernel, the following vulnerability has been resolved: dm: fix dmblkreportzones If dmgetlivetable returned NULL, dmputlivetable was never called. Also, it is possible that md-zonerevalidatemap will change while calling this function. Only read it once, so that we are always using the...

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfgcsdevenableactiveconfig, active config could be deactivated via configfs' sysfs interface. This could make UAF issue in bel...

CVE-2025-38129 page_pool: Fix use-after-free in page_pool_recycle_in_ring

In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring syzbot reported a uaf in pagepoolrecycleinring: BUG: KASAN: slab-use-after-free in lockrelease+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a...

CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...

CVE-2025-38115

CVE-2025-38115 — Linux kernel net_sched SFQ crash fix A vulnerability in the SFQ qdisc of net_sched allowed a crash when handling gso_skb due to an inflated sch->q.len after a blamed commit. This could enable an enqueue on an already-empty SFQ queue followed by an immediate drop. The issue was...

CVE-2025-38101 ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix buffer locking in ringbuffersubbuforderset Enlarge the critical section in ringbuffersubbuforderset to ensure that error handling takes place with per-buffer mutex held, thus preventing list corruption and other...

CVE-2025-38099 Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READVOICESETTING is unsupported/broken A SCO connection without the proper voicesetting can cause the controller to lock up...

CVE-2025-38098

CVE-2025-38098 affects the Linux kernel’s DRM/AMD display path. The vulnerability stems from improper handling of a wb (writeback) connector and an amdgpu_dmConnector, where dereferencing aconnector->base could lead to unintended behavior. The issue is localized (requires local access) and the...

Ubuntu: Security Advisory (USN-7608-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7608-3: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...

CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, splitvma triggers hugetlb page table unsharing through vmops-maysplit. This happens before the VMA lock and rmap locks are taken - which is too early, it...