4624 matches found
CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
CVE-2025-21755
...
CVE-2024-58020
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mtinputconfigured devmkasprintf can return a NULL pointer on failure,but this returned value in mtinputconfigured is not checked. Add NULL check in mtinputconfigured, to handle kernel NULL point...
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TPprintk UAF The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TPprintk format" exposes potential UAFs in the xebomove trace event. Fix those by avoiding...
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fsinfo-translock and without holding any...
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fsinfo-translock and without holding any...
CVE-2025-21754 btrfs: fix assertion failure when splitting ordered extent after transaction abort
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFSORDEREDIOERR flag done at...
CVE-2025-21749 net: rose: lock the socket in rose_bind()
In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rosebind syzbot reported a soft lockup in roseloopbacktimer, with a repro calling bind from multiple threads. rosebind must lock the socket to avoid this issue...
CVE-2025-21748
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipcmsgalloc can potentially overflow leading to memory corruption. Add bounds checking using KSMBDIPCMAXPAYLOAD to avoid overflow...
CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmftxfinalize On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmfdetach...
CVE-2025-21743 usbnet: ipheth: fix possible overflow in DPE length check
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. Move the wDatagramIndex term t...
CVE-2025-21735
CVE-2025-21735 affects the Linux kernel NFC (nci) component, specifically nci_hci_create_pipe(). The pipe value is a net-sourced u8; if it exceeds 127, it can cause memory corruption in the caller, nci_hci_connect_gate(), per the advisory. The description confirms the issue has been resolved in t...
CVE-2025-21728
CVE-2025-21728: Linux kernel vulnerability where BPF programs in non-preemptible contexts calling bpf_send_signal() can sleep, causing issues. The fix changes irqs_disabled() to !preemptible(). Affects kernels with BPF support; CVSSv3.1 base 5.5 (LOCAL, LOW privileges, NONE user interaction, HIGH...
CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...
CVE-2024-57989 wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925changeviflinks In mt7925changeviflinks devmkzalloc may return NULL but this returned value is not checked...
CVE-2024-57988 Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcmgetboardname devmkstrdup can return a NULL pointer on failure,but this returned value in btbcmgetboardname is not checked. Add NULL check in btbcmgetboardname, to handle kernel NULL pointe...
CVE-2024-57985 firmware: qcom: scm: Cleanup global '__scm' on probe failures
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global 'scm' on probe failures If SCM driver fails the probe, it should not leave global 'scm' variable assigned, because external users of this driver will assume the probe finished successfully. For...
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connect, there is a period during which a lookup operation might fail to fi...
RLSA-2025:1266 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat CVE-2024-53104 For more details about the security issues, including the impact, a CVSS score, acknowledgment...
CVE-2022-49629
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthopcompatmode. While reading nexthopcompatmode, it can be changed concurrently. Thus, we need to add READONCE to its readers...