Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38632

In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing muxowner NULL with active muxusecount commit 5a3e85c3c397 "pinmux: Use sequential access to access desc-pinmux data" tried to address the issue when two client of the same gpio calls pinctrlselectstate fo...

4.7CVSS5.6AI score0.00104EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38654

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devmpinctrlregister to prevent using uninitialized pin resource...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38655

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of ofgetproperty when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property ...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38673

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dmabuf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field...

5.5CVSS6AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38674

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dmabuf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field becomes NU...

5.5CVSS6AI score0.00121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38628

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38649

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...

5.5CVSS6AI score0.00158EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38669

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dmabuf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field become...

5.5CVSS6AI score0.00121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.0 views

CVE-2025-38657

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89coremlsrswitch The "linkid" value comes from the user via debugfs. If it's larger than BITSPERLONG then that would result in shift wrapping and potentially an out of bounds access...

7.1CVSS6.6AI score0.00139EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38636

In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in dotraceeventraweventeventdamonitor+0xd6/0x1a0 Read of size 32 at addr...

7.1CVSS6.5AI score0.00139EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.4 views

CVE-2025-38638

In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6rtnotify inet6rtnotify can be called under RCU protection only. This means the route could be changed concurrently and rt6fillnode could return -EMSGSIZE. Re-size the skb when this happens and retry...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38631

In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue...

5.5CVSS5.9AI score0.00145EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-29365

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READSTRINGSYSCALL...

9.8CVSS5.9AI score0.00464EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38646

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the chip does not suppo...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38647

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89setsarfromacpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38633

In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1d8 as critical The pll1d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabl...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38652

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...

7.1CVSS6.5AI score0.00164EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38629

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38641

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure properly...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38630

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref fbaddvideomode can fail with -ENOMEM when its internal kmalloc cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues t...

5.5CVSS5.9AI score0.00153EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...

7.1CVSS6.5AI score0.00142EPSS
Exploits0References37
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38622

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

5.5CVSS5.9AI score0.0016EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38623

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...

5.5CVSS6AI score0.00149EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38639

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...

5.5CVSS5.9AI score0.00159EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.7 views

CVE-2025-38635

In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davincilpscclkregister devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, which results in a NULL pointer dereference. Add NULL...

5.5CVSS5.9AI score0.00159EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38634

In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for powersupplygetbyname In the cpcapusbdetect function, the powersupplygetbyname function may return NULL instead of an error pointer. To prevent potential null pointer dereferences,...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38624

In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnvphp driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting i...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.3 views

CVE-2025-38644

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...

5.5CVSS6.4AI score0.00147EPSS
Exploits0References30
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38664

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in icecopyandinitpkg Add check for the return value of devmkmemdup to prevent potential null pointer dereference...

5.5CVSS5.9AI score0.00159EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38642

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARNON for monitor mode on some devices On devices without WANTMONITORVIF and probably without channel context support we get a WARNON for changing the per-link setting of a monitor interface. Since we already...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38675

In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize stateptrs earlier in xfrmstatefind In case of preemption, xfrmstatelookat will find a different pcpuid and look up states for that other CPU. If we matched a state for CPU2 in the statecache while the look...

4.7CVSS5.7AI score0.00101EPSS
Exploits0References27
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.4 views

CVE-2025-38645

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev-dm allocation in mlx5initonce fails...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References39
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38666

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine aarpproxyprobenetwork sends a probe, releases the aarplock, sleeps, then re-acquires the lock. During that window an expire timer thread...

7.8CVSS6.6AI score0.00151EPSS
Exploits0References45
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38661

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmisystemid array Add missing empty member to awccdmitable...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-29366

In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...

9.8CVSS6AI score0.00543EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.2 views

CVE-2025-38658

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmetreqinit fails Have nvmetreqinit and req-execute complete failed commands. Description of the problem: nvmetreqinit calls nvmetreqcomplete internally upon failure, e.g.,...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.8 views

CVE-2025-38653

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

7.8CVSS6.6AI score0.00153EPSS
Exploits0References30
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38663

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a...

5.5CVSS5.9AI score0.00159EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38665

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...

5.5CVSS6AI score0.00136EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/08/22 4:15 p.m.1 views

CVE-2025-38643

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211checkandendcac Callers of wdevchandef must hold the wiphy mutex. But the worker cfg80211propagatecacdonewk never takes the lock. Which triggers the warning below with the...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2025/08/22 12:0 a.m.1 views

CVE-2024-58239

In the Linux kernel, the following vulnerability has been resolved: tls: stop recv if initial processrxlist gave us non-DATA If we have a non-DATA record on the rxlist and another record of the same type still on the queue, we will end up merging them: - processrxlist copies the non-DATA record -...

5.5CVSS6.1AI score0.00175EPSS
Exploits2References9
UbuntuCve
UbuntuCve
added 2025/08/22 12:0 a.m.2 views

CVE-2025-38616

In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses...

7.1CVSS6.5AI score0.00178EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2025/08/22 12:0 a.m.1 views

CVE-2025-38618

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

7.8CVSS6.5AI score0.00152EPSS
Exploits0References52
UbuntuCve
UbuntuCve
added 2025/08/22 12:0 a.m.2 views

CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS6.4AI score0.00288EPSS
Exploits0References52
UbuntuCve
UbuntuCve
added 2025/08/21 5:15 p.m.2 views

CVE-2025-7969

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting XSS. This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...

6.9CVSS6.3AI score0.00229EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/08/21 4:15 p.m.1 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS5.6AI score0.00188EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/08/21 1:15 p.m.2 views

CVE-2025-9300

A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixeldebugprintpalette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit...

7.8CVSS5.9AI score0.00225EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/08/21 12:0 a.m.6 views

CVE-2025-9301

A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may b...

4.8CVSS5.4AI score0.00135EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/08/21 12:0 a.m.3 views

CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

7.5CVSS6.1AI score0.00585EPSS
Exploits1References2
Total number of security vulnerabilities68528