68528 matches found
CVE-2025-39790
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointer to process all of the TREs between it and...
CVE-2025-39776
In the Linux kernel, the following vulnerability has been resolved: mm/debugvmpgtable: clear page table entries at destroyargs The mm/debugvmpagetable test allocates manually page table entries for the tests it runs, using also its manually allocated mmstruct. That in itself is ok, but when it...
CVE-2025-39738
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes BUG There is an internal report that balance triggered transaction abort, with the following call trace: item 85 key 594509824 169 0 itemoff 12599 itemsize 33 extent...
CVE-2025-39782
In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2logdocheckpoint Both jbd2logdocheckpoint and jbd2journalshrinkcheckpointlist periodically release jlistlock after processing a batch of buffers to avoid long hold times on the jlistlock. However,...
CVE-2025-39761
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12kdprxpeerfragsetup. This could lead to out-of-bounds access in peer-rxtid...
CVE-2025-39736
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving prwarn outside kmemleaklock When netpoll is enabled, calling prwarnonce while holding kmemleaklock in mempoolalloc can cause a deadlock due to lock inversion with the netconsole subsystem. Th...
CVE-2025-39780
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a schedext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following which can be easily reproduced by running t...
CVE-2025-39781
In the Linux kernel, the following vulnerability has been resolved: parisc: Drop WARNONONCE from flushcachevmap I have observed warning to occassionally trigger...
CVE-2025-39752
In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main CPU write trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on at least that true for RK3188...
CVE-2025-39750
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during ath12kdprxpeertidsetup, the tid value is already incremented, even though the corresponding TID is not actually allocated. Proceed to...
CVE-2025-39756
In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a very high value for example, 1073741816 as set by systemd, processes attempting to use file descriptors near the limit can trigger massi...
CVE-2025-39773
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in brmulticastqueryexpired When set multicastqueryinterval to a large value, the local variable 'time' in brmulticastsendquery may overflow. If the time is smaller than jiffies, the timer will expire...
CVE-2025-39746
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: shutdown driver when hardware is unreliable In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout...
CVE-2025-39745
In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix rcutortureoneextendcheck splat in RT kernels For built with CONFIGPREEMPTRT=y kernels, running rcutorture tests resulted in the following splat: 68.797425 rcutortureoneextendcheck during change: Current 0x1 To add...
CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...
CVE-2025-39742
In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in findhwthreadmask The function divides number of online CPUs by numcoresiblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error...
CVE-2025-39748
In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a kernel warning due to a range invariant violation on the following BPF program. 0: call bpfgetnetnscookie 1: if r0 == 0 goto 2: if r0 & Oxffffffff goto The issue ...
CVE-2025-39770
In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6CSUM When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the...
CVE-2025-39764
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...
CVE-2025-39763
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected error, the CPU will take a synchronous error...
CVE-2025-39787
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...
CVE-2025-39784
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix link speed calculation on retrain failure When pciefailedlinkretrain fails to retrain, it tries to revert to the previous link speed. However it calculates that speed from the Link Control 2 register without masking out...
CVE-2025-39791
In the Linux kernel, the following vulnerability has been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined by the maxreadsize and maxwritesize module...
CVE-2025-39789
In the Linux kernel, the following vulnerability has been resolved: crypto: x86/aegis - Add missing error checks The skcipherwalk functions can allocate memory and can fail, so checking for errors is necessary...
CVE-2025-39759
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the...
CVE-2025-39757
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...
CVE-2025-39760
In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usbparsessendpointcompanion checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this up by checking the size...
CVE-2025-39751
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-39743
In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGRRESERVEDI. When executing evict, its hard link number is 0, so its inode pages are not truncated. This...
CVE-2025-39783
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a listdel on the epfgroup field of struct pciepfdriver in pciepfremovecfs is not correct as this field is a list head, not a list entry. This listdel call triggers a KASA...
CVE-2025-39788
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCIUTRLNEXUSTYPE On Google gs101, the number of UTP transfer request slots nutrs is 32, and in this case the driver ends up programming the UTRLNEXUSTYPE incorrectly as 0. This is because the...
CVE-2025-39785
In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix irqrequest's irq name variable is local The local variable is passed in requestirq , and there will be use after free problem, which will make requestirq failed. Using the global irq name instead of it to...
CVE-2025-39772
In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmcunload to free the resource, but the mutexes in mode.config are not init, which will access an NULL pointer. Just change goto...
CVE-2025-39771
In the Linux kernel, the following vulnerability has been resolved: regulator: pca9450: Use devmregistersysoffhandler With module test, there is error dump: ------------ cut here ------------ notifier callback pca9450i2crestarthandler already registered WARNING: kernel/notifier.c:23 at...
CVE-2025-39765
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: fix idafree call while not allocated In the sndutimercreate function, if the kasprintf function return NULL, sndutimerputid will be called, finally use idafree to free the unallocated id 0. the syzkaller reported the...
CVE-2025-39739
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115...
CVE-2025-39766
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...
CVE-2025-39737
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in kmemleakdocleanup A soft lockup warning was observed on a relative small system x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled. watchdog: BUG: soft lockup -...
CVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdevassertlocked in bnxtfreentpfltrs. The lock should be held during normal run-time but the assert will be triggered see below during bnxtremoveon...
CVE-2025-58142
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...
CVE-2025-58145
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...
CVE-2025-58144
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...
CVE-2025-27466
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...
CVE-2025-58143
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...
CVE-2025-58364
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local...
CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...
CVE-2025-48040
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...
CVE-2025-40300
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...
CVE-2025-48039
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4...
CVE-2025-48041
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....