CVE-2025-37756

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago...

CVE-2025-23149

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPMCHIPFLAGSUSPENDED after the call to tpmfindgetops can lead to a spurious tpmchipstart call: 35985.503771 i2c i2c-1: Transfer while suspended 35985.503796 WARNING: CPU: 0 PID: 74 ...

CVE-2025-23139

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-23139

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-37795

CVE-2025-37795 is rejected/not used per the CVE entry; not an active vulnerability.

CVE-2025-37793

CVE-2025-37793 affects the Linux kernel ASoC: Intel avs driver. The vulnerability arises when avs_component_probe() dereferences a NULL from devm_kasprintf() if memory allocation fails, leading to a NULL pointer dereference. A fix was implemented in the kernel to check for NULL from devm_kasprint...

CVE-2025-37790 net: mctp: Set SOCK_RCU_FREE

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup...

CVE-2025-37789 net: openvswitch: fix nested key length validation in the set() action

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

CVE-2025-37778

CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...

CVE-2025-37772 RDMA/cma: Fix workqueue crash in cma_netevent_work_handler

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix workqueue crash in cmaneteventworkhandler struct rdmacmid has member "struct workstruct network" that is reused for enqueuing cmaneteventworkhandlers onto cmawq. Below crash1 can occur if more than one call to...

CVE-2025-37770

CVE-2025-37770 affects the Linux kernel (drm/amd/pm): if a user sets a speed value greater than UINT_MAX/8, a division by zero is possible. The issue is exploitable locally with low privileges and no user interaction required. The vulnerability was identified by the Linux Verification Center (SVA...

CVE-2025-37769 drm/amd/pm/smu11: Prevent division by zero

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE. cherry picked from...

CVE-2025-37746 perf/dwc_pcie: fix duplicate pci_dev devices

In the Linux kernel, the following vulnerability has been resolved: perf/dwcpcie: fix duplicate pcidev devices During platformdeviceregister, wrongly using struct device pcidev as platformdata caused a kmemdup copy of pcidev. Worse still, accessing the duplicated device leads to list corruption a...

CVE-2025-37743 wifi: ath12k: Avoid memory leak while enabling statistics

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid memory leak while enabling statistics Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from...

PT-2025-18569

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A security issue has been identified in the Linux kernel, specifically related to the riscv process, where the s12 array in thread struct may contain random kernel memory content. This...

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Several fixes to the Linux kernel for reported issues related to various security vulnerabilities such as denial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

Ubuntu 24.04 LTS : Linux kernel (Azure, N-Series) vulnerabilities (USN-7468-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7468-1 advisory. Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...

CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...

CVE-2021-47671

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg: fix memory leak in error path In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb previously allocated by alloccanerrskb is no...