CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

CVE-2025-38460

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in toatmarpd. atmarpd is protected by RTNL since commit f3a0592b37b8 "ATM: clip causes unregister hang". However, it is not enough because toatmarpd is called without RTNL, especially...

CVE-2025-38454 ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in sndcardad1816apnp Use prwarn instead of devwarn when 'pdev' is NULL to avoid a potential NULL pointer dereference...

CVE-2025-38452 net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsnprobe Add check for the return value of rcargen4ptpalloc to prevent potential null pointer dereference...

CVE-2025-38437

CVE-2025-38437 : In the Linux kernel, a use-after-free in ksmbd during oplock/lease break ack was fixed. If ksmbd_iov_pin_rsp returns an error, use-after-free can occur by accessing opinfo->state and opinfo_put, and ksmbd_fd_put could be called twice. The vulnerability affects the ksmbd compon...

CVE-2025-38416

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in success path Setting tty-discdata before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before...

CVE-2025-38409

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...

CVE-2025-38416

Mode C: CVE-2025-38416 affects the Linux kernel NFC: nci: uart path. The vulnerability arises from setting tty->disc_data before the NCI device open/driver request succeeds, creating a small window where the device may start sending data and leaving state inconsistent on error paths. The fix e...

CVE-2025-38396

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

CVE-2025-38393

In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFSLAYOUTDRAIN bit in pnfsupdatelayout, however the pnfslayouthdr's...

OESA-2025-1877 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: Do markchainprecision for ARGCONSTALLOCSIZEORZERO Precision markers need to be propagated whenever we have an ARGCONST style argument, as the verifier canno...

CVE-2025-38404

CVE-2025-38404 affects the Linux kernel USB Type-C/displayport subsystem. The issue is a potential deadlock caused by recursive locking of cros_typec_altmode_data::mutex when a mutex-protected path calls typec_altmode_exit() from within the same context. The documented fix defers the typec_altmod...

CVE-2025-38397

CVE-2025-38397 is a Linux kernel vulnerability related to a suspicious RCU usage warning in nvme_mpath_add_sysfs_link() during NVMe over TCP tests. The connected SUSE/OpenSUSE advisories confirm a kernel fix addressing this RCU warning (nvme-multipath) in the Linux kernel, and indicate an updated...

CVE-2025-38396 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

CVE-2025-38391

CVE-2025-38391 in the Linux kernel addresses a vulnerability in USB Type-C Alt Mode handling for DisplayPort. A misbehaving port partner could claim pin assignment capabilities beyond the valid range, causing an out-of-bounds access in pin_assignment_show. The fix adds a DP_PIN_ASSIGN_MAX constan...

CVE-2025-38389 drm/i915/gt: Fix timeline left held on VMA alloc error

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: 239.330153 ------------ cut here ------------...

CVE-2025-38375

CVE-2025-38375: In the Linux kernel, virtio-net could trigger an out-of-bounds read due to not validating the received length against the allocated size when reading buffers from the ring in xdp_linearize_page. The fix adds the missing length check. Affected entries in Debian/Amazon/RH advisories...

CVE-2025-38363

CVE-2025-38363 : In the Linux kernel, a null pointer dereference could occur in the Tegra DRM driver. Specifically, in tegra_crtc_reset(), memory allocated with kzalloc() is not checked for failure; before calling __drm_atomic_helper_crtc_reset, the CRTC state should be validated to prevent deref...

CVE-2025-38355 drm/xe: Process deferred GGTT node removals on device unwind

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happends as part of the managed-d...

CVE-2025-38353

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following...