CVE-2025-38175 binder: fix yet another UAF in binder_devices

In the Linux kernel, the following vulnerability has been resolved: binder: fix yet another UAF in binderdevices Commit e77aff5528a18 "binderfs: fix use-after-free in binderdevices" addressed a use-after-free where devices could be released without first being removed from the binderdevices list...

SUSE CVE-2025-38144

In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovose30wdt: Fix possible devmioremap NULL pointer dereference in lenovose30wdtprobe devmioremap returns NULL on error. Currently, lenovose30wdtprobe does not check for this case, which results in a NULL pointer...

CVE-2025-38165

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skblinearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' 657.460555 kernel BU...

UBUNTU-CVE-2025-38138

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udmaprobe devmkasprintf returns NULL when memory allocation fails. Currently, udmaprobe does not check for this case, which results in a NULL pointer dereference. Add NULL check after devmkasprint...

CVE-2025-38165

CVE-2025-38165 affects the Linux kernel (bpf, sockmap) and can trigger a kernel panic when skb_linearize is called in the backlog path. The root cause, introduced by a prior skb_get usage to fix race conditions, caused panics for large RX payloads (e.g., when using the strparser to accumulate up ...

CVE-2025-38158

CVE-2025-38158 affects the Linux kernel (hisi_acc_vfio_pci) and fixes an XQE/AEQE DMA address error observed after migration. The root cause is an incorrect address construction when reading hardware registers, causing wrong DMA addresses for EQE/AEQE and guest kernel‑mode encryption services to ...

CVE-2025-38139

In Linux kernels with netfs, CVE-2025-38139 is resolved by correcting the write-retry path: netfs_retry_write_stream() now uses the iterator-reset function, ensuring the subrequest length accounts for any shortened data after a retry. The bug could cause a KASAN slab-out-of-bounds read in iov_ite...

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config

In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfgcsdevenableactiveconfig, active config could be deactivated via configfs' sysfs interface. This could make UAF issue in bel...

PT-2025-30757

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.16.0-rc2-WSL2-STABLE and earlier. Description A runtime warning was observed in the truncate folio batch exceptionals function within the Linux kernel's fuse module. This issue was addressed by applying a fix initially...

SUSE CVE-2022-50123

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173rt5650rt5676devprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Fix missing ofnodeput in error paths...

CVE-2022-50087

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

UBUNTU-CVE-2022-50228

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...

CVE-2022-50213 netfilter: nf_tables: do not allow SET_ID to refer to another table

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not allow SETID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set ma...

CVE-2022-50194 soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: aoss: Fix refcount leak in qmpcoolingdevicesregister Every iteration of foreachavailablechildofnode decrements the reference count of the previous node. When breaking early from a foreachavailablechildofnode loop, we...

CVE-2022-50167 bpf: fix potential 32-bit overflow when accessing ARRAY map element

In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elemsize are u32. Fix this everywhere by forcing 64-bit...

CVE-2022-50009 f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fsgetdnodeofdata There is issue as follows when test f2fs atomic write: F2FS-fs loop0: Can't find valid F2FS filesystem in 2th superblock F2FS-fs loop0: invalid crcoffset: 0 F2FS-fs loop0:...

CVE-2022-50006 NFSv4.2 fix problems with __nfs42_ssc_open

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with nfs42sscopen A destination server while doing a COPY shouldn't accept using the passed in filehandle if its not a regular filehandle. If allocfilepseudo has failed, we need to decrement a reference on th...

CVE-2022-49978 fbdev: fb_pm2fb: Avoid potential divide by zero error

In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero error In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from user, then go through fbsetvar and info-fbops-fbcheckvar which could may be pm2fbcheckvar. Along...

CVE-2025-38057 espintcp: fix skb leaks

In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfreeskb...

CVE-2025-38034 btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref

In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelimref arguments in btrfsprelimref btrfsprelimref calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to...