kernel: Bluetooth: HCI: Fix potential null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

kernel: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

SUSE CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

AZL-70159 CVE-2025-37882 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

DEBIAN-CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

DEBIAN-CVE-2025-37813

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before preparetransfer and preparering, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...

PT-2025-20342

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the xhci Extensible Host Controller Interface component related to the Etron workaround. The issue involves an...

UBUNTU-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

DEBIAN-CVE-2022-49908

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...

UBUNTU-CVE-2025-22022

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 one with start/stop bug, one without were seen to cause IOMMU faults after some Missed Service Errors. Faulting address ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the xhci driver improperly handling the Stopped - Length Invalid event...

Vulnerability of the ufshcd_exec_dev_cmd() function in the drivers/scsi/ufs/ufshcd.c module – This driver provides support for SCSI devices in the Linux operating system. It can be exploited by attackers to cause service failures.

Vulnerability of the ufshcdexecdevcmd function in the drivers/scsi/ufs/ufshcd.c module – The Linux kernel’s SCSI device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

PT-2025-20357

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition can occur between the MCQ completion path and the abort handler in the Linux kernel. Once a request completes, blk mq free request sets rq-mq hctx to NULL, meaning the...

DEBIAN-CVE-2025-22011

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finished 70.727730...

CVE-2025-22011 ARM: dts: bcm2711: Fix xHCI power-domain

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume: root@raspberrypi:/sys/power echo freeze state 70.724347 xhcisuspend finished 70.727730...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a misconfiguration of the xHCI power domain, which could cause the VPU firmware to crash on recovery...

DEBIAN-CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

UBUNTU-CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

UBUNTU-CVE-2025-21917

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Flush the notifyhotplugwork When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer...

CVE-2025-21969 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...