CVE-2025-38380

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-38355

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happends as part of the managed-d...

DEBIAN-CVE-2025-38353

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38403

Summary (CVE-2025-38403) : In the Linux kernel, the vmci transport path (vsock/vmci) had a fix to clear the vmci_transport_packet before populating fields in vmci_transport_packet_init to avoid leaving uninitialised data. This change addresses an information leakage/contamination risk related to ...

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...

CVE-2025-38387 RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

CVE-2025-38387 RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

CVE-2025-38387

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

CVE-2025-38387

CVE-2025-38387 affects the Linux kernel’s RDMA/mlx5 subsystem. The issue arises when an obj_event is inserted into a list before its obj_sub_list is initialized, risking a poisonous pointer if the event is loaded immediately after insertion. The referenced fix initializes obj_event->obj_sub_li...

CVE-2025-38380

Removed by vendor...

CVE-2025-38380

...

CVE-2025-38380

CVE-2025-38380 is not rejected. The connected documents identify it as a Linux kernel issue in the i2c/designware subsystem, described as an initialization issue that can affect affected systems. The advisories (e.g., AlmaLinux ALSA-2025:14009 and related SUSE advisories) reference a fix in the k...

CVE-2025-38356

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly using CT safe mode, which is based on a delayed work, but usually we are able to stop this once we have IRQ fully operational. However, if...

CVE-2025-38355

CVE-2025-38355 involves the Linux kernel DRM/xe path where deferred GGTT node removals could be drained later than device unwinding, potentially unmapping MMIO/GSM mappings during unwinding and causing a page fault. The fixes add a managed-device action to explicitly drain the ggtt node removals ...

CVE-2025-38355 drm/xe: Process deferred GGTT node removals on device unwind

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happends as part of the managed-d...

CVE-2025-38355

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happends as part of the managed-d...

CVE-2025-38354

CVE-2025-38354 (Linux kernel, DRM/MSM GPU): A crash can occur when throttling GPU immediately during boot if the GPU is already hot, because of an early call to of_devfreq_cooling_register() that may access GMU registers before initialization. The root cause is that msm_devfreq_init may suspend d...

CVE-2025-38353

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...