1181 matches found
DEBIAN-CVE-2025-39919
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: add missing check for rx wcid entries Non-station wcid entries must not be passed to the rx functions. In case of the global wcid entry, it could even lead to corruption in the wcid array due to pointer being...
DEBIAN-CVE-2025-39918
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list...
DEBIAN-CVE-2025-39925
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEVUNREGISTER notification handler syzbot is reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEVUNREGISTER notification handler...
DEBIAN-CVE-2025-39912
In the Linux kernel, the following vulnerability has been resolved: nfs/localio: restore creds before releasing pageio data Otherwise if the nfsd filecache code releases the nfsdfile immediately, it can trigger the BUGONcred == current-cred in putcred when it puts the nfsdfile-nffile-f-cred...
DEBIAN-CVE-2025-39910
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc, mm/kasan: respect gfp mask in kasanpopulatevmalloc kasanpopulatevmalloc and its helpers ignore the caller's gfpmask and always allocate memory using the hardcoded GFPKERNEL flag. This makes them inconsistent with...
DEBIAN-CVE-2025-39904
In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...
DEBIAN-CVE-2025-39906
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...
DEBIAN-CVE-2025-39908
In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...
DEBIAN-CVE-2025-39905
In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl-phydev writes with resolver Currently phylinkresolve protects itself against concurrent phylinkbringupphy or phylinkdisconnectphy calls which modify pl-phydev by relying on...
DEBIAN-CVE-2025-39898
In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000seteeprom Fix a possible heap overflow in e1000seteeprom function by adding input validation for the requested length of the change in the EEPROM. In addition, change the variable type from int t...
DEBIAN-CVE-2025-39894
In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: do not check confirmed bit in brnflocalin after confirm When send a broadcast packet to a tap device, which was added to a bridge, brnflocalin is called to confirm the conntrack. If another conntrack with...
DEBIAN-CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...
DEBIAN-CVE-2025-39893
In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spiregistercontroller function returns with an error and also on device removal. Change...
MINI-6R49-C8H6-8W3F
Bulletin has no description...
BELL-CVE-2025-9232
Bulletin has no description...
MINI-P238-37J2-J3HV
Bulletin has no description...
ECHO-C430-EC5E-6DDE
Bulletin has no description...
DEBIAN-CVE-2025-9231
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
BELL-CVE-2025-2485
Bulletin has no description...
MINI-G275-WV3M-R434
Bulletin has no description...