kernel: Linux kernel: Integer overflow in iwlwifi debugfs function

A flaw was identified in the Linux kernel’s iwlwifi PCIe driver. In the function iwlwritetouserbuf—which is invoked by iwldbgfsmonitordataread—an attacker could supply a specially crafted count value e.g., SIZEMAX. This leads to an integer overflow when calculating the remaining buffer space,...

kernel: drivers: base: component: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call...

kernel: trace/blktrace: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: trace/blktrace: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instea...

kernel: drivers: base: dd: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove...

kernel: wifi: iwlwifi: fw: fix memory leak in debugfs

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fw: fix memory leak in debugfs Fix a memory leak that occurs when reading the fwinfo file all the way, since we return NULL indicating no more data, but don't free the status tracking object...

kernel: scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfcdebugfslockstatwrite buffer overflow A static code analysis tool flagged the possibility of buffer overflow when using copyfromuser for a debugfs entry. Currently, it is possible that copyfromuser copies...

kernel: USB: uhci: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: uhci: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

kernel: Kernel: NULL pointer dereference in Intel GVT-g debugfs during device removal

A flaw was found in the Linux kernel's Intel GVT-g Graphics Virtualization Technology debugfs component. When a device is removed through unbinding, the intelgvtdebugfsclean function may attempt to access a debugfs root that has already been deallocated, leading to a NULL pointer dereference. A...

kernel: drm/i915: Fix request ref counting during error capture & debugfs dump

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix request ref counting during error capture & debugfs dump When GuC support was added to error capture, the reference counting around the request object was broken. Fix it up. The context based search manages the...

kernel: Linux kernel: Integer overflow in iwlwifi debugfs function

A flaw was identified in the Linux kernel’s iwlwifi PCIe driver. In the function iwlwritetouserbuf—which is invoked by iwldbgfsmonitordataread—an attacker could supply a specially crafted count value e.g., SIZEMAX. This leads to an integer overflow when calculating the remaining buffer space,...

kernel: USB: ULPI: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...

kernel: drivers: base: component: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call...

kernel: USB: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead which...

kernel: platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2()

A memory leak was found in the AMD PMC driver's STB debugfs interface. When amdpmcsendcmd fails, the allocated buffer is not freed, causing memory to leak on each failed operation...

kernel: USB: chipidea: fix memory leak with using debugfs_lookup()

In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...

PT-2025-38392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists when using the debugfs lookup function in the USB ULPI subsystem. The result of calling debugfs lookup requires dput to be called on it to prevent memory leaks over...

PT-2025-38390

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the trace/blktrace module when using the debugfs lookup function. Failing to call dput on the result of debugfs lookup leads to a memory leak over time. The issue...

PT-2024-14688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer error in the debugfs of the Linux kernel's drm/amd/display component has been resolved. The issue was caused by not checking if the get subvp en callback exists before...

Unbreakable Enterprise kernel security update

5.15.0-102.110.5 - RISC-V: Fix up a cherry-pick warning in setupvmfinal Alexandre Ghiti - Revert 'Bluetooth: btsdio: fix use after free bug in btsdioremove due to unfinished work' Liu Jian - riscv: mm: remove redundant parameter of createfdtearlypagetable Song Shuai - kernfs: change...

kernel: Linux kernel: Hard lockup in lpfc driver leads to Denial of Service

A flaw was found in the Linux kernel. A local user could trigger a hard lockup by concurrently reading the rxmonitor from debugfs during I/O operations in the lpfc driver. This concurrency issue, caused by insufficient spin lock protection, leads to a system crash and results in a Denial of Servi...