CVE-2025-22074 ksmbd: fix r_count dec/increment mismatch

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix rcount dec/increment mismatch rcount is only increased when there is an oplock break wait, so rcount inc/decrement are not paired. This can cause rcount to become negative, which can lead to a problem where the ksmbd...

CVE-2025-22074

CVE-2025-22074 : In the Linux kernel, ksmbd had a r_count increment/decrement mismatch that could cause r_count to become negative, leading to ksmbd thread termination issues. The issue is fixed by a patch fixing the r_count dec/increment pairing when oplock breaks occur. Affected component is ks...

CVE-2025-22050 usbnet:fix NPE during rx_complete

In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rxcomplete Missing usbnetgoingaway Check in Critical Path. The usbsubmiturb function lacks a usbnetgoingaway validation, whereas usbnetqueueskb includes this check. This inconsistency creates a race conditio...

CVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCHDMAMINALIGN up to 16 ARCHDMAMINALIGN is 1 by default, but some LoongArch-specific devices such as APBDMA require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error...

CVE-2025-22033

CVE-2025-22033: Linux kernel arm64 fix for a NULL pointer dereference in alignment handling. The issue occurs when do_alignment_t32_to_handler() fixes only specific instructions and returns NULL for others (e.g., LDREX); callers would proceed with regular alignment fault handling (SIGBUS). Withou...

CVE-2025-22013 KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: Host SVE being discarded unexpectedly due to inconsistent...

CVE-2025-21976

In the Linux kernel, the following vulnerability has been resolved: fbdev: hypervfb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hypervfb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the following WARN and henc...

AZL-69506 CVE-2025-21976 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: fbdev: hypervfb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hypervfb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the following WARN and henc...

DEBIAN-CVE-2025-21962

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffi...

UBUNTU-CVE-2025-21946

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parsesecdesc If osidoffset, gsidoffset and dacloffset could be greater than smbntsd struct size. If it is smaller, It could cause slab-out-of-bounds. And when validating sid, It need to check it includ...

CVE-2025-21969 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

CVE-2025-21930 wifi: iwlwifi: mvm: don't try to talk to a dead firmware

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwltranssendcmd+0xba/0xe0 iwlwifi Call Trace: ? warn+0xca/0x1c0 ?...

CVE-2025-21923 HID: hid-steam: Fix use-after-free when detaching device

In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the clienthdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input...

SUSE CVE-2023-52994

In the Linux kernel, the following vulnerability has been resolved: acpi: Fix suspend with Xen PV Commit f1e525009493 "x86/boot: Skip realmode init code when running as Xen PV guest" missed one code path accessing realmodeheader, leading to dereferencing NULL when suspending the system under Xen:...

CVE-2023-53033 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

CVE-2023-53017 Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix memory leak in hciupdateadvdata When hcicmdsyncqueue failed in hciupdateadvdata, instptr is not freed, which will cause memory leak, convert to use ERRPTR/PTRERR to pass the instance to callback so no memo...

CVE-2025-21879 btrfs: fix use-after-free on inode when scanning root during em shrinking

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfsscanroot we are accessing the inode's root and fsinfo in a call to btrfsfsclosing after we have scheduled the inode for a delayed iput, and that ca...

CVE-2025-21875 mptcp: always handle address removal under msk socket lock

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sockownedbyme include/net/sock.h:1711 inline WARNING: CP...

CVE-2025-21866

CVE-2025-21866 : In the Linux kernel, PowerPC text patching infrastructure allocated a virtual area and marked it VM_ALLOC, which is inappropriate since that memory is not vmalloc’d and isn’t initialized until __vmalloc_node_range() is called. This caused KASAN: vmalloc-out-of-bounds when booting...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-56715)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56715 advisory. - In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on...