CVE-2025-38451

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmapgetstats The commit message of commit 6ec1f0239485 "md/md-bitmap: fix stats collection for external bitmaps" states: Remove the external bitmap check as the statistics should be available regardless...

CVE-2025-38385

Summary: CVE-2025-38385 affects the Linux kernel in the LAN78xx USB Ethernet driver, where a WARN can be triggered during USB disconnect when NAPI is still enabled. Root cause (per provided data): In the disconnect path, netif_napi_del() was redundantly called even though unregister_netdev() hand...

UBUNTU-CVE-2025-38345

In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to maliciou...

DEBIAN-CVE-2025-38290

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath12kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...

CVE-2025-38272

In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for t...

CVE-2025-38327 fgraph: Do not enable function_graph tracer when setting funcgraph-args

In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable functiongraph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is net enabled, it incorrectly enables it. Worse, it unregisters itself when it was never...

CVE-2025-38184

In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPCNLUDPGETREMOTEIP with media name set to tun tipc: Started in network mode tipc: Nod...

CVE-2025-38175 binder: fix yet another UAF in binder_devices

In the Linux kernel, the following vulnerability has been resolved: binder: fix yet another UAF in binderdevices Commit e77aff5528a18 "binderfs: fix use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the binderdevices list...

SUSE CVE-2025-38144

In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovose30wdt: Fix possible devmioremap NULL pointer dereference in lenovose30wdtprobe devmioremap returns NULL on error. Currently, lenovose30wdtprobe does not check for this case, which results in a NULL pointer...

CVE-2025-38165

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skblinearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' 657.460555 kernel BU...

UBUNTU-CVE-2025-38138

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, which results in a NULL pointer dereference. Add NULL check after devmkasprint...

CVE-2025-38165

CVE-2025-38165 affects the Linux kernel (bpf, sockmap) and can trigger a kernel panic when skb_linearize is called in the backlog path. The root cause, introduced by a prior skb_get usage to fix race conditions, caused panics for large RX payloads (e.g., when using the strparser to accumulate up ...

CVE-2025-38158

CVE-2025-38158 affects the Linux kernel (hisi_acc_vfio_pci) and fixes an XQE/AEQE DMA address error observed after migration. The root cause is an incorrect address construction when reading hardware registers, causing wrong DMA addresses for EQE/AEQE and guest kernel‑mode encryption services to ...

CVE-2025-38139

In Linux kernels with netfs, CVE-2025-38139 is resolved by correcting the write-retry path: netfs_retry_write_stream() now uses the iterator-reset function, ensuring the subrequest length accounts for any shortened data after a retry. The bug could cause a KASAN slab-out-of-bounds read in iov_ite...

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfgcsdevenableactiveconfig, active config could be deactivated via configfs' sysfs interface. This could make UAF issue in bel...

PT-2025-30757

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.16.0-rc2-WSL2-STABLE and earlier. Description A runtime warning was observed in the truncate folio batch exceptionals function within the Linux kernel's fuse module. This issue was addressed by applying a fix initially...

SUSE CVE-2022-50123

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173rt5650rt5676devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Fix missing ofnodeput in error paths...

CVE-2022-50087

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

UBUNTU-CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

CVE-2022-50213 netfilter: nf_tables: do not allow SET_ID to refer to another table

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not allow SETID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set ma...