231 matches found
CVE-2025-38277
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...
CVE-2025-38265 serial: jsm: fix NPE during jsm_uart_port_init
In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsmuartportinit No device was set which caused serialbasectrladd to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 1 PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368...
CVE-2025-38256
In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...
CVE-2025-38238
CVE-2025-38238 : In the Linux kernel, the SCSI fnic driver (fnic_wq_cmpl_handler) crashes when both FDMI RHBA and RPA requests time out due to reusing the same frame to send ABTS for both. The root cause is the double-free of a frame on send completion. The fix allocates separate frames for RHBA ...
CVE-2025-38233
In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix clobbered r15 during livepatching While r15 is clobbered always with PPCFTRACEOUTOFLINE, it is not restored in livepatch sequence leading to not so obvious fails like below: BUG: Unable to handle kernel data...
CVE-2025-38226
CVE-2025-38226 targets the Linux kernel, specifically the media/v4l2-tpg path used by vivid. The issue is a KASAN-detected vmalloc-out-of-bounds access in tpg_fill_plane_pattern and tpg_fill_plane_buffer (v4l2-tpg-core.c:2608 and 2705), causing a write of size 1440 to a kernel address during vivi...
CVE-2025-38193
CVE-2025-38193 affects the Linux kernel net_sched component sch_sfq. The issue is a missing range check for perturb_period, which could cause perturb_period * HZ to overflow and become invalid, enabling a race condition. The provided examples show invalid values producing errors and a valid value...
CVE-2025-38144
In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovose30wdt: Fix possible devmioremap NULL pointer dereference in lenovose30wdtprobe devmioremap returns NULL on error. Currently, lenovose30wdtprobe does not check for this case, which results in a NULL pointer...
CVE-2025-38142
In the Linux kernel, the following vulnerability has been resolved: hwmon: asus-ec-sensors check sensor index in readstring Prevent a potential invalid memory access when the requested sensor is not found. findecsensorindex may return a negative value e.g. -ENOENT, but its result was used without...
CVE-2025-38121
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, inhwrestart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we...
CVE-2025-38159 wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, ¶1', which reads 5 bytes: void rtwfwbtwificontrolstruct...
CVE-2025-38156 wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996mmiowedinit devmioremap returns NULL on error. Currently, mt7996mmiowedinit does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereferen...
CVE-2025-38129
CVE-2025-38129 details a Linux kernel use-after-free in page_pool_recycle_in_ring, linked to page_pool's per-CPU recycle mechanism. The root cause is that a page may be freed while the page pool’s ring is still being recycled, resulting in a potential use-after-free when the producer_lock is not ...
CVE-2025-38120
CVE-2025-38120 affects the Linux kernel netfilter nf_set_pipapo_avx2. The issue: if the first field does not cover the entire start map, the remainder must be zeroed to prevent leaking bits into the next match round map. The early fix was incomplete and only addressed the generic C implementation...
CVE-2025-38111 net/mdiobus: Fix potential out-of-bounds read/write access
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...
CVE-2025-38094 net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macbhalttx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never...
CVE-2025-38086
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during miinwayrestart In miinwayrestart the code attempts to call mii-mdioread which is ch9200mdioread. ch9200mdioread utilises a local buffer called "buff", which is initialised with...
CVE-2022-49978
In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero error In dofbioctl of fbmem.c, if cmd is FBIOPUTVSCREENINFO, var will be copied from user, then go through fbsetvar and info-fbops-fbcheckvar which could may be pm2fbcheckvar. Along...
CVE-2022-50004
A flaw was found in the XFRM policy support in the Linux kernel. A NULL pointer dereference can be triggered when a socket buffer is transmitted via an XFRM interface due to a missing check, resulting in a denial of service...
CVE-2025-38027
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086parseregulatorsdt calls ofregulatormatch using an array of struct ofregulatormatch allocated on the stack for the matches argument. ofregulatormatch calls...