68528 matches found
CVE-2025-39706
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfdprocessdestroywq. Move kfdprocessdestroywq prior to kfddebugfsfini to fix a kernel NU...
CVE-2025-39679
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvifvmmctor. When the nvifvmmtype is invalid, we will return error directly without freeing the args in nvifvmmctor, which leading a memory leak. Fix it by setting the ret -EINVAL an...
CVE-2025-39703
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
CVE-2025-39705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability Why A null pointer dereference vulnerability exists in the AMD display driver's DC module cleanup function dcdestruct. When display control context dc-ctx construction...
CVE-2025-39721
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when...
CVE-2025-39725
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix hwpoisoned large folio handling in shrinkfoliolist In shrinkfoliolist, the hwpoisoned folio may be large folio, which can't be handled by unmappoisonedfolio. For THP, trytounmapone must be passed with TTUSPLITHUGEP...
CVE-2025-39722
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Since the CAAM on these SoCs is managed by another ARM core, called the SECO Security Controller on iMX8QM and Secure Enclave on iMX8ULP, which also reserves access to...
CVE-2025-39674
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix ESI null pointer dereference ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is optional feature and UFS MCQ should work with and without ESI...
CVE-2025-39677
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal This issue applies for the following qdiscs: hhf, fq, fqcodel, and fqpie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...
CVE-2025-38735
In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown is called. shutdown is invoked during system shutdown to stop DMA operations without performing expensive deallocations. ...
CVE-2025-39690
In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...
CVE-2025-39693
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid a NULL pointer dereference WHY Although unlikely drmatomicgetnewconnectorstate or drmatomicgetoldconnectorstate can return NULL. HOW Check returns before dereference. cherry picked from commit...
CVE-2025-39699
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iovatophys The riscviommuptefetch function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no further validation. riscviommuiovatophys failed to...
CVE-2025-39717
In the Linux kernel, the following vulnerability has been resolved: opentreeattr: do not allow id-mapping changes without OPENTREECLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', opentreeattr2 was necessary in order to allow for a detached mount to b...
CVE-2025-39716
In the Linux kernel, the following vulnerability has been resolved: parisc: Revise getuser to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so getuse...
CVE-2025-39675
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in modhdcphdcp1createsession The function modhdcphdcp1createsession calls the function getfirstactivedisplay, but does not check its return value. The return value is a null pointer if the...
CVE-2025-39685
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number0x80008000 that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too...
CVE-2025-39683
In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser-buffer when tracegetuser failed When the length of the string written to setftracefilter exceeds FTRACEBUFFMAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in...
CVE-2025-39702
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39710
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures...
CVE-2025-39689
In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of setftracefilter and setftracenotrace just adds the pointer to the global tracer hash to its iterator. Unlike the writer that allocates a copy...
CVE-2025-39681
In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrlcpudetect in bspinit helper Since 923f3a2b48bd "x86/resctrl: Query LLC monitoring properties once during boot" resctrlcpudetect has been moved from common CPU initialization code to the...
CVE-2025-39691
In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper There's issue as follows: BUG: KASAN: stack-out-of-bounds in endbufferreadsync+0xe3/0x110 Read of size 8 at addr ffffc9000168f7f8 by task swapper/3/0 CPU: 3 UID: 0 PID: 0 Comm...
CVE-2025-39697
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...
CVE-2025-39719
In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hwxlate array Fix a potential out-of-bounds array access of the hwxlate array in bno055.c. In bno055getregmask, hwxlate was iterated over the length of the vals array instead of the length of t...
CVE-2025-39680
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: Fix out-of-bounds bug in rtl9300i2csmbusxfer The data-block0 variable comes from user. Without proper check, the variable may be very large to cause an out-of-bounds bug. Fix this bug by checking the value of...
CVE-2025-39692
In the Linux kernel, the following vulnerability has been resolved: smb: server: split ksmbdrdmastoplistening out of ksmbdrdmadestroy We can't call destroyworkqueuesmbdirectwq; before stopsessions! Otherwise already existing connections try to use smbdirectwq as a NULL pointer...
CVE-2025-39709
In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it's possible that an interrupt fires...
CVE-2025-38734
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smclistenout BPF CI testing report a UAF issue: 16.446633 BUG: kernel NULL pointer dereference, address: 000000000000003 0 16.447134 PF: supervisor read access in kernel mod e 16.447516 PF:...
CVE-2025-39701
In the Linux kernel, the following vulnerability has been resolved: ACPI: pfrupdate: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware update would fail when the update binary had ...
CVE-2025-39673
In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in pppfillforwardpath pppfillforwardpath has two race conditions: 1. The ppp-channels list can change between listempty and listfirstentry, as ppplock is not held. If the only channel is deleted in...
CVE-2025-38733
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the relocatelowcore command line option. If the...
CVE-2025-39711
In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing meicldevdisable calls Both the ACE and CSI driver are missing a meicldevdisable call in their remove function. This causes the meicl client to stay part of the meidevice-filelist...
CVE-2025-39682
In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rxlist Each recvmsg call must process either - only contiguous DATA records any number of them - one non-DATA record If the next record has different type than what has already been...
CVE-2025-39687
In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it...
CVE-2025-39694
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address...
CVE-2025-39698
In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...
CVE-2025-39678
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock-metrictbladdr is non-NULL If metric table address is not allocated, accessing metricsbin will result in a NULL pointer dereference, so add a check...
CVE-2025-26434
In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-7445
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
CVE-2025-38718
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...
CVE-2025-38720
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnllock in pcierrorhandlers.resetprepare and releases it in pcierrorhandlers.resetdone. However, in the PCI framework: pciresetbus - pciresetslot -...
CVE-2025-38702
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in doregisterframebuffer The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registeredfb 2. All array slots become occupied despite...
CVE-2025-38698
In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative isize value. Add a check when opening this file to avoid subsequent operation failures...
CVE-2025-38683
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEVREGISTER is received on netvsc NIC. During deletion of the namespace, defaultdeviceexitbatch defaultdeviceexitnet...
CVE-2025-38710
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...
CVE-2025-38719
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...
CVE-2025-38717
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
CVE-2025-38725
In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: add phymask for ax88772 mdio bus Without setting phymask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 0x1f. DLink DUB-E100 H/W Ver B1 is such ...
CVE-2025-38730
In the Linux kernel, the following vulnerability has been resolved: iouring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. iouring deals with this and invalidates them on retry. But on the...