CVE-2025-38231 nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwork to prevent NULL dereference In nfs4statestartnet, laundromatwork may access nfsdssc through nfs4laundromat - nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL point...

CVE-2025-38231

CVE-2025-38231 affects the Linux kernel nfsd component. The vulnerability arises when laundromat_work starts before nfsd_ssc is initialized, risking a NULL pointer dereference in nfs4_state_start_net() via nfs4_laundromat -> nfsd4_ssc_expire_umount. The documented fix moves nfsd_ssc initializa...

CVE-2025-38231 nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromatwork to prevent NULL dereference In nfs4statestartnet, laundromatwork may access nfsdssc through nfs4laundromat - nfsd4sscexpireumount. If nfsdssc isn't initialized, this can cause NULL point...

CVE-2025-38227 media: vidtv: Terminating the subsequent process of initialization failure

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...

CVE-2025-38227

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...

CVE-2025-38227 media: vidtv: Terminating the subsequent process of initialization failure

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...

CVE-2025-38205 drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 Why If the dummy values in populatedummydmlsurfacecfg aren't updated then they can lead to a divide by zero in downstream callers like CalculateVMAndRowBytes...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from nfsd not properly initializing ssc resulting in laundromatwork null pointer dereference...

PT-2025-28002

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc5 Description: A slab-use-after-free read vulnerability has been identified in the Linux kernel, specifically in the vidtv module. This issue occurs when the PSI initialization fails, and the si member ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to terminate subsequent processes after a vidtv driver initialization failure, which could lead to...

PT-2025-28006

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been identified in the Linux kernel. The problem occurs when laundromat work accesses nfsd ssc through nfs4 laundromat before nfsd ssc is...

The vulnerability of the xe_pat.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the xepat.c component in the Linux operating system’s kernel is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause a service failure...

SUSE CVE-2025-38126

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...

AZL-64544 CVE-2025-38153 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error see report 1 in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This problem is quite similar...

DEBIAN-CVE-2025-38155

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915mmiowedinit devmioremap returns NULL on error. Currently, mt7915mmiowedinit does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereferen...

UBUNTU-CVE-2025-38136

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in usbhsprobe to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks...

CVE-2025-38136 usb: renesas_usbhs: Reorder clock handling and power management in probe

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in usbhsprobe to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks...

CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...

CVE-2025-38121

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, inhwrestart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we...

CVE-2025-38121

The CVE-2025-38121 entry describes a Linux kernel issue in the wifi: iwlwifi: mld path. When an error occurs during init, in_hw_restart is set but never cleared, causing the code to retry init as if in a restart while not actually in one. This can lead to a NULL pointer dereference during cancell...