231 matches found
CVE-2025-37973
CVE-2025-37973 affects the Linux kernel Wi-Fi stack, specifically the cfg80211 defragmentation logic for multi-link elements. The issue is a miscalculation during multi-link element defragmentation that adds the MLE length to the total IEs length, which can cause an out-of-bounds access if the ML...
CVE-2025-37969 iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadtaggedfifo Prevent stlsm6dsxreadtaggedfifo from falling in an infinite loop in case patternlen is equal to zero and the device FIFO is not empty...
CVE-2025-37917
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spinlockirqsave and spinunlockirqrestore instead of spinlock and spinunlock in mtkstaremac driver to avoid spinlock recursion occurrence that can happe...
CVE-2025-37906 ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between iouringcmdcompleteintask and ublkcancelcmd ublkcancelcmd calls iouringcmddone to complete uringcmd, but we may have scheduled task work via iouringcmdcompleteintask for dispatching request, then kernel cras...
CVE-2023-53054
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hwenable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: dwc2lowlevelhwenable - devmaddactionorreset. This adds a new devres each time. This may als...
CVE-2023-53111 loop: Fix use-after-free issues
In the Linux kernel, the following vulnerability has been resolved: loop: Fix use-after-free issues doreqfilebacked calls blkmqcompleterequest synchronously or asynchronously when using asynchronous I/O unless memory allocation fails. Hence, modify loophandlecmd such that it does not dereference...
CVE-2023-53048 usb: typec: tcpm: fix warning when handle discover_identity message
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discoveridentity message Since both source and sink device can send discoveridentity message in PD3, kernel may dump below warning: ------------ cut here ------------ WARNING: CPU: 0 PID:...
CVE-2025-37797 net_sched: hfsc: Fix a UAF vulnerability in class handling
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfscchangeclass when...
CVE-2022-49921 net: sched: Fix use after free in red_enqueue()
In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in redenqueue We can't use "skb" again after passing it to qdiscenqueue. This is basically identical to commit 2f09707d0c97 "schsfb: Also store skb len before calling child enqueue"...
CVE-2022-49898 btrfs: fix tree mod log mishandling of reallocated nodes
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix tree mod log mishandling of reallocated nodes We have been seeing the following panic in production kernel BUG at fs/btrfs/tree-mod-log.c:677! invalid opcode: 0000 1 SMP RIP: 0010:treemodlogrewind+0x1b4/0x200 RSP:...
CVE-2022-49869
CVE-2022-49869 (bnxt_en): In the Linux kernel bnxt_hwrm_set_coal() may crash during error recovery because rtnl_lock isn’t held for the entire sequence, allowing freed datastructures. The fix uses BNXT_STATE_OPEN rather than netif_running() to ensure the device is fully operational before reconfi...
CVE-2025-37779
CVE-2025-37779 pertains to the Linux kernel. A folio refcount bug in lib/iov_iter caused a UAF when an EROFS file-backed mount over 9P (v9fs) on QEMU was exercised, due to pages in bvec being coalesced across a folio boundary. The root cause was inadequate refcount handling for non-slab folios, p...
CVE-2025-37776 ksmbd: fix use-after-free in smb_break_all_levII_oplock()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smbbreakalllevIIoplock There is a room in smbbreakalllevIIoplock that can cause racy issues when unlocking in the middle of the loop. This patch use read lock to protect whole loop...
CVE-2025-23157 media: venus: hfi_parser: add check to avoid out of bound access
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfiparser: add check to avoid out of bound access There is a possibility that initcodecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecscount can get incremented to...
CVE-2025-23145
CVE-2025-23145 affects the Linux kernel (MPTCP) and describes a NULL-pointer dereference in the mptcp_can_accept_new_subflow path. The root cause is that subflow_req->msk ownership could be transferred to a subflow on the first path, creating a window where a second SYN-ACK could be processed ...
PT-2025-18407 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bug in the Linux kernel has been resolved, specifically in the arm/crc-t10dif component, where an array was used outside of its scope in the crc t10dif arch function. This issue has...
PT-2025-18482 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel, specifically in the net/9p module. The issue involves inconsistent lock state in the p9 req put function, which can be caused by...
CVE-2025-37785
In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in out-of-bounds read later on, when the corrupted directory is removed...
CVE-2025-22072
In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "POWERPC spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets...
CVE-2025-22122 block: fix adding folio to bio
In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio 4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bioaddfolionofail and IO failure. Fix it by...