68528 matches found
CVE-2025-38696
In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stacktop for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stacktop, it will derefence the NULL ABI pointer...
CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-38712
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUGON in hfspluscreateattributesfile When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplusfillsuper assumes that the attributes file is not yet created...
CVE-2025-38706
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in sndsocremovepcmruntime sndsocremovepcmruntime might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology loading and marking a link as...
CVE-2025-38689
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512status Problem ------- With CONFIGX86DEBUGFPU enabled, reading /proc/kthread/archstatus causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...
CVE-2025-38701
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...
CVE-2025-38692
In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. 1 Condition for exfatcountdirentries to loop infinitely. - The cluster chain includes a loop....
CVE-2025-38688
In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevent ALIGN overflow When allocating IOVA the candidate range gets aligned to the target alignment. If the range is close to ULONGMAX then the ALIGN can wrap resulting in a corrupted iova. Open code the ALIGN using...
CVE-2025-38711
In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2createlink is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbdvfskernpathlocked will return with success and the parent...
CVE-2025-38709
In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the...
CVE-2025-38727
In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlinkunicast netlinkattachskb checks for the socket's read memory allocation constraints. Firstly, it has: rmem skrcvbuf to check if the just increased rmem value fits into the socket's...
CVE-2025-38684
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported schets test-case 1 crashing in etsclassqlennotify after recent changes from Lion 2. The problem is: in etsqdiscchange we purge unused DWRR queues; the...
CVE-2025-38695
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfcvport structure If a call to lpfcsli4readrev from lpfcsli4hbasetup fails, the resultant cleanup routine lpfcsli4vportdeletefcpxriaborted may occur before sli4hba.hdwqs are...
CVE-2025-38693
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090ptunerwriteserpar and w7090ptunerreadserpar In w7090ptunerwriteserpar, msg is controlled by user. When msg0.buf is null and msg0.len is zero, former checks on msg0.buf woul...
CVE-2025-38721
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlinkdumptable: if res ctgeneral; // HERE cb-args1 = unsigned longct; ... While its very unlikely, its possible that ct == last. If this...
CVE-2025-23259
NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...
CVE-2025-38728
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parseserverinterfaces see below: BUG: KASAN: slab-out-of-bounds in...
CVE-2025-38697
In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds realative to the size of the stree. This could happen in a scenario where the filesystem metadat...
CVE-2025-38704
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's-nocbcbkthread pointer access In the preparation stage of CPU online, if the corresponding the rdp's-nocbcbkthread does not exist, will be created, there is a situation where the rdp's rcuop...
CVE-2025-38729
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...
CVE-2025-38707
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size...
CVE-2025-38685
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fastimageblit This issue triggers when a userspace program does an ioctl FBIOPUTCON2FBMAP by passing console number and frame buffer number. Ideally this maps console to frame buffer and...
CVE-2025-38699
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfadimprobe function fails during initialization, the memory pointed to by bfad-im is freed without setting bfad-im to NULL. Subsequently, during driver uninstallation, when the state machine...
CVE-2025-38724
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...
CVE-2025-38713
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusuni2asc The hfsplusreaddir method is capable to crash by calling hfsplusuni2asc: 667.121659 T9805 ================================================================== 667.122651 T9805...
CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
CVE-2025-38687
In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the...
CVE-2025-38679
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The eventseqchanged handler processes a variable number of properties sent by the firmware. The number of properties is indicated by the firmware and used t...
CVE-2025-38686
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIOMOVE when PMD is a migration entry When UFFDIOMOVE encounters a migration PMD entry, it proceeds with obtaining a folio and accessing it even though the entry is swpentryt. Add the missing check...
CVE-2025-38715
In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfsbnoderead This patch introduces isbnodeoffsetvalid method that checks the requested offset value. Also, it introduces checkandcorrectrequestedlength method that checks and correct the requested...
CVE-2025-38703
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated submit queue. At t...
CVE-2025-38722
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in exportdmabuf As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descriptor to userland it's a...
CVE-2025-38691
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function exttreepreparecommit reallocates a larger buffer to retry encoding extents, the "layoutupdatepages" page arr...
CVE-2025-38680
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat The buffer length check before calling uvcparseformat only ensured that the buffer has at least 3 bytes buflen 2, buf the function accesses buffer3, requiring at...
CVE-2025-38714
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplusbnoderead The hfsplusbnoderead method can trigger the issue: 174.852007 T9784 ================================================================== 174.852709 T9784 BUG: KASAN:...
CVE-2025-38716
In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfsfindinit The hfsfindinit method can trigger the crash if tree pointer is NULL: 45.746290 T9787 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 1...
CVE-2025-38725
In the Linux kernel, the following vulnerability has been resolved: net: usb: asixdevices: add phymask for ax88772 mdio bus Without setting phymask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 0x1f. DLink DUB-E100 H/W Ver B1 is such ...
CVE-2025-38681
In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdumpwalkpgd Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables...
CVE-2025-38694
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090prwonapb In dib7090prwonapb, msg is controlled by user. When msg0.buf is null and msg0.len is zero, former checks on msg0.buf would be passed. If accessing msg0.buf2...
CVE-2025-38730
In the Linux kernel, the following vulnerability has been resolved: iouring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. iouring deals with this and invalidates them on retry. But on the...
CVE-2025-38719
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring-len is 0. In debugfs, hbggetqueueusednum will be called, which may lead to a division by zero issue. This patch adds a...
CVE-2025-38718
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...
CVE-2025-38720
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnllock in pcierrorhandlers.resetprepare and releases it in pcierrorhandlers.resetdone. However, in the PCI framework: pciresetbus - pciresetslot -...
CVE-2025-58057
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted...
CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
CVE-2025-9866
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-9865
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-9864
Rejected reason: This CVE ID was assigned in error to a vulnerability that was both introduced and fixed before the code landed in the Stable channel of Chrome, and has been withdrawn...
CVE-2025-9867
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...