950 matches found
CVE-2025-37862 HID: pidff: Fix null pointer dereference in pidff_find_fields
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidfffindfields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required...
CVE-2025-37834
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by...
CVE-2025-37827
CVE-2025-37827 affects the Linux kernel’s Btrfs zoned mechanism when a RAID1 block-group has a write-pointer mismatch between disks. Root cause: a NULL pointer dereference in __btrfs_add_free_space_zoned() triggered by converting the metadata profile from DUP to RAID1 on two disks, leading to an ...
OSV-2025-324 Index-out-of-bounds in dwg_decode_eed
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=415083665 Crash type: Index-out-of-bounds Crash state: dwgdecodeeed dwgdecodeentity dwgdecodeATTDEFprivate...
CVE-2023-53138 net: caif: Fix use-after-free in cfusbl_device_notify()
In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbldevicenotify syzbot reported use-after-free in cfusbldevicenotify 1. This causes a stack trace like below: BUG: KASAN: use-after-free in cfusbldevicenotify+0x7c9/0x870 net/caif/caifusb.c:138...
CVE-2022-49832 pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrldttomap Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task...
CVE-2022-49832 pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrldttomap Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task...
CVE-2022-49783 x86/fpu: Drop fpregs lock before inheriting FPU permissions
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called fro...
CVE-2025-37742 jfs: Fix uninit-value access of imap allocated in the diMount() function
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount function syzbot reports that hexdumptobuffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in...
Fedora: Security Advisory (FEDORA-2025-d5fdbedb7f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-37925
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted...
CVE-2025-37925 jfs: reject on-disk inodes of an unsupported type
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted...
CVE-2025-37925
The CVE-2025-37925 entry concerns a Linux kernel vulnerability in the JFS filesystem. When finalizing an on-disk inode, clear_inode() could encounter an unknown type and trigger a kernel BUG; the root cause is an invalid handling path for on-disk inode types, where types 5–15 are reserved. The fi...
CVE-2025-22020 memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsxusbms: Fix slab-use-after-free in rtsxusbmsdrvremove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsxusbmspollcard+0x159/0x20...
Stable Channel Update for Desktop
The Stable channel has been updated to 135.0.7049.84/.85 for Windows, Mac and 135.0.7049.84 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept restrict...
The Bug Report - March 2025 Edition
The Bug Report - March 2025 Edition By Jonathan Omakun · April 3, 2025 Why am I here? Welcome to the March 2025 edition of The Bug Report—where the bracket-breaking isn’t just happening on the court. While US college basketball fans are busy filling out brackets and chasing Cinderella stories,...
CVE-2023-53031
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIGDEBUGATOMICSLEEP and CONFIGPROVELOCKING enabled, while running a threadimc event. Command to trigger the warning: perf...
CVE-2023-52973 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...
CVE-2022-49744
The CVE-2022-49744 entry concerns a Linux kernel mm/uffd issue: when forking, the dst_vma may not inherit VM_UFFD_WP even if the src has it, leading to a stale pte marker and potential access to a corrupted page. The fix is a two‑patch series under “mm: Fixes on pte markers” that hardens pte mark...
CVE-2025-21887
In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovldentryupdatereval by moving dput in ovllinkup The issue was caused by dputupper being called before ovldentryupdatereval, while upper-dflags was still accessed in ovldentryremote. Move dputupper after its last...