238 matches found
CVE-2025-38310
In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...
CVE-2025-38308
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avsdaifindpathtemplate shall be verified before being used. As 'template' is already known when avshwconstraintsinit is fired, drop the search entirel...
CVE-2025-38305
In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp-nvclocks check logic in ptpvclockinuse There is no disagreement that we should check both ptp-isvirtualclock and ptp-nvclocks to check if the ptp virtual clock is in use. However, when we acquire ptp-nvclocksmux t...
CVE-2025-38304
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...
CVE-2025-38301
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmpnvmem: unbreak driver after cleanup Commit 29be47fcd6a0 "nvmem: zynqmpnvmem: zynqmpnvmemprobe cleanup" changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter...
CVE-2025-38295
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smpprocessorid with rawsmpprocessorid in mesonddrpmucreate The Amlogic DDR PMU driver mesonddrpmucreate function incorrectly uses smpprocessorid, which assumes disabled preemption. This leads to kernel...
CVE-2025-38293
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath11kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...
CVE-2025-38294
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...
CVE-2025-38292
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12kdprxmsducoalesce, rxcb is fetched from skb and boolean iscontinuation is part of rxcb. Currently, after freeing the skb, the rxcb-iscontinuation accessed again which is wrong...
CVE-2025-38290
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath12kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...
CVE-2025-38284
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also...
CVE-2025-38282
In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for...
CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
CVE-2025-38271
In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnlcreatelink At the time rtnlcreatelink is running, dev-netdevops is NULL, we must not use netdevlockops or risk a NULL deref if CONFIGNETSHAPER is defined. Use netifsetgroup instead of devsetgroup...
CVE-2025-38270
In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napicomplete from netpoll netdevsim supports netpoll. Make sure we don't call napicomplete from it, since it may not be scheduled. Breno reports hitting a warning in napicompletedone: WARNING: CPU: 14...
CVE-2025-38265
In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsmuartportinit No device was set which caused serialbasectrladd to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 1 PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368...
CVE-2025-38249
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3 In sndusbgetaudioformatuac3, the length value returned from sndusbctlmsg is used directly for memory allocation without validation. This length is controlled by...
CVE-2025-38229
CVE-2025-38229 – Linux kernel (cxusb/dvb-usb I2C path) – concrete details : The issue arises in the I2C transfer path for cxusb-based DVB devices. When a usb_bulk_msg() write succeeds but rlen > 0, the subsequent read may still occur; however, if the write fails and rlen is 1, the read path is...
CVE-2025-38221
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds maxend is not permitted and will result in a negative length in the truncateinodepartialfolio function while truncating the page cache,...
CVE-2025-38214 fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in fbsetvar fails to allocate memory for fbvideomode, later it may lead to a null-ptr dereference in fbvideomodetovar, as the fbinfo is registere...