Lucene search

275 matches found

OSV
added 2025/05/08 7:15 a.m., 1 view

DEBIAN-CVE-2025-37823

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue too Similarly to the previous patch, we need to safe guard hfsc_dequeue too. But for this one, we don't have a reliable reproducer...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00052
Exploits: 0 | References: 1

OSV
added 2025/05/01 3:15 p.m., 1 view

DEBIAN-CVE-2022-49762

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find. Because the ATTR_RECORDs are next to each other, kernel can get the next ATTR_RECORD from end address of current...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.0004
Exploits: 0 | References: 1

OSV
added 2025/05/01 2:15 p.m., 1 view

DEBIAN-CVE-2025-37776

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb_break_all_levII_oplock There is a room in smb_break_all_levII_oplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop...

CVSS: 7 | AI score: 5.7 | EPSS: 0.00067
Exploits: 0 | References: 1

OSV
added 2025/04/24 9:27 p.m., 2 views

CLSA-2025-1745530034 Fix CVE(s): CVE-2024-7592

SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00883
Exploits: 1 | References: 1

OSV
added 2025/04/17 7:25 a.m., 2 views

CLSA-2025-1744874696 Fix CVE(s): CVE-2024-7592

SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00883
Exploits: 1 | References: 1

OSV
added 2025/04/16 3:16 p.m., 1 view

DEBIAN-CVE-2025-22118

In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration. Ensure end_qid does not overflow by validating start_qid and num_queues...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00038
Exploits: 0 | References: 1

OSV
added 2025/04/15 12:26 p.m., 2 views

CLSA-2025-1744719966 Fix CVE(s): CVE-2020-10729

SECURITY UPDATE: insufficiently random password generation vulnerability - debian/patches/CVE-2020-10729.patch: Fix issue with caching Jinja2 expressions, only cache results of single variable names - CVE-2020-10729...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00064
Exploits: 1 | References: 1

OSV
added 2025/04/03 8:15 a.m., 1 view

DEBIAN-CVE-2025-21997

In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00034
Exploits: 0 | References: 1

OSV
added 2025/04/03 8:15 a.m., 1 view

DEBIAN-CVE-2025-21999

In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00026
Exploits: 0 | References: 1

OSV
added 2025/04/03 8:15 a.m., 1 view

DEBIAN-CVE-2025-22001

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl. Use check_add_overflow to ensure that the math doesn't have an integer wrapping bug...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00026
Exploits: 0 | References: 1

OSV
added 2025/03/27 5:15 p.m., 1 view

DEBIAN-CVE-2023-53024

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca "bpf: Fix leakage due to insufficient speculative store bypass mitigation" inserts lfence instructions after 1...

CVSS: 7.1 | AI score: 5.7 | EPSS: 0.00006
Exploits: 0 | References: 1

OSV
added 2025/03/27 5:15 p.m., 2 views

DEBIAN-CVE-2023-53005

In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereferenc...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00009
Exploits: 0 | References: 1

OSV
added 2025/03/27 5:15 p.m., 3 views

DEBIAN-CVE-2022-49741

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release,...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00012
Exploits: 0 | References: 1

OSV
added 2025/03/20 11:45 a.m., 2 views

CLSA-2025-1742471100 Fix CVE(s): CVE-2025-1094

SECURITY UPDATE: PostgreSQL libpq incorrect neutralization of quoting syntax allows SQL injection - debian/patches/CVE-2025-1094.patch: Add full encoding validation in libpq data-quoting functions. - CVE-2025-1094...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.82364
Exploits: 10 | References: 1

OSV
added 2025/03/18 5:4 p.m., 2 views

CLSA-2025-1742317463 Fix CVE(s): CVE-2025-0840

SECURITY UPDATE: address stack-based buffer overflow in disassemble_bytes function - debian/patches/CVE-2025-0840.patch: Fix stack-buffer-overflow in disassemble_bytes caused by oversized buffer - CVE-2025-0840...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00101
Exploits: 1 | References: 1

OSV
added 2025/02/27 3:15 a.m., 1 view

DEBIAN-CVE-2025-21765

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss ip6_default_advmss needs rcu protection to make sure the net structure it reads does not disappear...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00018
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m., 3 views

DEBIAN-CVE-2022-49704

In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00111
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m., 2 views

DEBIAN-CVE-2022-49677

In the Linux kernel, the following vulnerability has been resolved: ARM: cns3xxx: Fix refcount leak in cns3xxx_init of_find_compatible_node returns a node pointer with refcount incremented, we should use of_node_put on it when done. Add missing of_node_put to avoid refcount leak...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00072
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m., 1 view

DEBIAN-CVE-2022-49680

In the Linux kernel, the following vulnerability has been resolved: ARM: exynos: Fix refcount leak in exynos_map_pmu of_find_matching_node returns a node pointer with refcount incremented, we should use of_node_put on it when not need anymore. Add missing of_node_put to avoid refcount leak. of_node_put chec...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00072
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:1 a.m., 1 view

DEBIAN-CVE-2022-49635

In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side addr + 2 * min_alignment can overflow in case of mock tests. This patch should handle bot...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00124
Exploits: 0 | References: 1