CVE-2025-38226

In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpgfillplanepattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 inline BUG: KASAN: vmalloc-out-of-bounds in...

CVE-2025-38220

In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:...

CVE-2025-38215

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...

CVE-2025-38194

In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2linknoderef, caused by fault injection in jffs2preallocrawnoderefs. jffs2sumwritesumnode doesn't check return value of...

CVE-2025-38181

In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipsoreqset,delattr. syzkaller reported a null-ptr-deref in sockomalloc while allocating a CALIPSO option. 0 The NULL is of struct sock, which was fetched by sktofullsk in calipsoreqsetattr. Since...

CVE-2025-53367

DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer...

CVE-2025-38139

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfsretrywritestream to use the iterator-reset function as the iterator may have been shortened by a previous...

CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

CVE-2025-38121

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, inhwrestart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we...

CVE-2025-38166

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

CVE-2025-38144

In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovose30wdt: Fix possible devmioremap NULL pointer dereference in lenovose30wdtprobe devmioremap returns NULL on error. Currently, lenovose30wdtprobe does not check for this case, which results in a NULL pointer...

CVE-2025-38141

In the Linux kernel, the following vulnerability has been resolved: dm: fix dmblkreportzones If dmgetlivetable returned NULL, dmputlivetable was never called. Also, it is possible that md-zonerevalidatemap will change while calling this function. Only read it once, so that we are always using the...

CVE-2025-38132

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfgcsdevlock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module cscfgloadconfigsets activate config. // sysfs sysactivecnt == 1...

CVE-2025-38124

In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skbsegment after pull from fraglist Commit a1e40ac5b5e9 "net: gso: fix udp gso fraglist segmentation after pull from fraglist" detected invalid geometry in fraglist skbs and redirects them from skbsegmentlist to...

CVE-2025-38107

In the Linux kernel, the following vulnerability has been resolved: netsched: ets: fix a race in etsqdiscchange Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock roo...

GHSA-695J-C63M-MVXC vulnerabilities

Vulnerabilities for packages: sudo...

firefox security update

128.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 128.12.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.12.0-1 - Update to 128.12.0 build1...

CVE-2025-32462

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines...

CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

gimp: GIMP ICO File Parsing Integer Overflow

An integer overflow vulnerability was found in Gimp's handling of ICO files. This vulnerability can lead to code execution if a user is convinced to open a maliciously crafted file...