246 matches found
CVE-2025-38221
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds maxend is not permitted and will result in a negative length in the truncateinodepartialfolio function while truncating the page cache,...
CVE-2025-38214 fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in fbsetvar fails to allocate memory for fbvideomode, later it may lead to a null-ptr dereference in fbvideomodetovar, as the fbinfo is registere...
CVE-2025-38213
Removed by vendor...
CVE-2025-38212
In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, 0 0: https://lore.kernel.org/all/[email protected]/ idrforeach is protected by rwsem, but thi...
CVE-2025-38208
In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automountfullpath page is checked for null in buildpathfromdentryoptionalprefix when tcon-originfullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...
CVE-2025-38209
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 "nvme-fabrics: reset admin connection for secure concatenation" modified nvmetcpsetupctrl to call nvmetcpconfigureadminqueue twice. The first call...
CVE-2025-38207
In the Linux kernel, the following vulnerability has been resolved: mm: fix uprobe pte be overwritten when expanding vma Patch series "Fix uprobe pte be overwritten when expanding vma". This patch of 4: We encountered a BUG alert triggered by Syzkaller as follows: BUG: Bad rss-counter state...
CVE-2025-38206
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayedfree The double free could happen in the following path. exfatcreateupcasetable exfatcreateupcasetable : return error exfatfreeupcasetable : free -volutbl exfatloaddefaultupcasetable : return erro...
CVE-2025-38197
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dellrbu: Fix list usage Pass the correct list head to listforeachentry when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorrectly because it starts at...
CVE-2025-38193 net_sched: sch_sfq: reject invalid perturb period
In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: reject invalid perturb period Gerrard Tai reported that SFQ perturbperiod has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to make sure ctl-perturbperio...
CVE-2025-38190
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atmaccounttx if copyfromiterfull fails. In vccsendmsg, we account skb-truesize to sk-skwmemalloc by atmaccounttx. It is expected to be reverted by atmpopraw later called by vcc-dev-ops-sendvcc, skb. However, vccsendms...
CVE-2025-38187
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535gsprpcpush The RPC container is released after being passed to r535gsprpcsend. When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...
CVE-2025-38185
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcpcsend. syzbot reported the splat below. 0 vccsendmsg copies data passed from userspace to skb and passes it to vcc-dev-ops-send. atmtcpcsend accesses skb-data as struct atmtcphdr afte...
CVE-2025-38143
In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wledconfigure devmkasprintf returns NULL when memory allocation fails. Currently, wledconfigure does not check for this case, which results in a NULL pointer dereference. Add NULL check after...
CVE-2025-38172 erofs: avoid using multiple devices with different type
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. erofsinitdevice has already guaranteed that if the primary is a file-backed device, extra devic...
CVE-2025-38123
CVE-2025-38123 affects the Linux kernel in Azure Linux 3.0 environments, where the t7xx NAPI RX polling path could use an invalid netdev after dellink-triggered disconnects, causing a NULL pointer dereference and kernel panic during skb processing. The issue arises when the driver processes napi_...
CVE-2025-38095
In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating numfences smpstoremb inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory...
CVE-2025-38094
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macbhalttx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never...
CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVCGARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
CVE-2025-38029
In the Linux kernel, the following vulnerability has been resolved: kasan: avoid sleepable page allocation from atomic context applytopterange enters the lazy MMU mode and then invokes kasanpopulatevmallocpte callback on each page table walk iteration. However, the callback can go into sleep when...