68528 matches found
CVE-2025-38632
In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing muxowner NULL with active muxusecount commit 5a3e85c3c397 "pinmux: Use sequential access to access desc-pinmux data" tried to address the issue when two client of the same gpio calls pinctrlselectstate fo...
CVE-2025-38654
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devmpinctrlregister to prevent using uninitialized pin resource...
CVE-2025-38655
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of ofgetproperty when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property ...
CVE-2025-38673
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dmabuf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field...
CVE-2025-38674
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dmabuf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field becomes NU...
CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
CVE-2025-38649
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...
CVE-2025-38669
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dmabuf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dmabuf field in struct drmgemobject is not stable over the object instance's lifetime. The field become...
CVE-2025-38657
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89coremlsrswitch The "linkid" value comes from the user via debugfs. If it's larger than BITSPERLONG then that would result in shift wrapping and potentially an out of bounds access...
CVE-2025-38636
In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in dotraceeventraweventeventdamonitor+0xd6/0x1a0 Read of size 32 at addr...
CVE-2025-38638
In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6rtnotify inet6rtnotify can be called under RCU protection only. This means the route could be changed concurrently and rt6fillnode could return -EMSGSIZE. Re-size the skb when this happens and retry...
CVE-2025-38631
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue...
CVE-2025-29365
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READSTRINGSYSCALL...
CVE-2025-38646
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the chip does not suppo...
CVE-2025-38647
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89setsarfromacpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU...
CVE-2025-38633
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1d8 as critical The pll1d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabl...
CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
CVE-2025-38629
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2inputselectctlinfo sets up the string arrays allocated via kasprintf, but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check...
CVE-2025-38641
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure properly...
CVE-2025-38630
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref fbaddvideomode can fail with -ENOMEM when its internal kmalloc cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues t...
CVE-2025-38650
In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutexlock check in hfsplusfreeextents Syzbot reported an issue in hfsplus filesystem: ------------ cut here ------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Call...
CVE-2025-38670
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpuswitchto, callonirqstack cpuswitchto and callonirqstack manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically...
CVE-2025-38622
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...
CVE-2025-38623
In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot...
CVE-2025-38639
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtnfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 .. string+0x231/0x2b0 lib/vsprintf.c:721...
CVE-2025-38635
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davincilpscclkregister devmkasprintf returns NULL when memory allocation fails. Currently, davincilpscclkregister does not check for this case, which results in a NULL pointer dereference. Add NULL...
CVE-2025-38634
In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for powersupplygetbyname In the cpcapusbdetect function, the powersupplygetbyname function may return NULL instead of an error pointer. To prevent potential null pointer dereferences,...
CVE-2025-38624
In the Linux kernel, the following vulnerability has been resolved: PCI: pnvphp: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnvphp driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting i...
CVE-2025-38644
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211tdlsoper by sending NL80211TDLSENABLELINK immediately after NL80211CMDCONNECT, before association completed and without pri...
CVE-2025-38664
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in icecopyandinitpkg Add check for the return value of devmkmemdup to prevent potential null pointer dereference...
CVE-2025-38642
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARNON for monitor mode on some devices On devices without WANTMONITORVIF and probably without channel context support we get a WARNON for changing the per-link setting of a monitor interface. Since we already...
CVE-2025-38675
In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize stateptrs earlier in xfrmstatefind In case of preemption, xfrmstatelookat will find a different pcpuid and look up states for that other CPU. If we matched a state for CPU2 in the statecache while the look...
CVE-2025-38645
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev-dm allocation in mlx5initonce fails...
CVE-2025-38666
In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine aarpproxyprobenetwork sends a probe, releases the aarplock, sleeps, then re-acquires the lock. During that window an expire timer thread...
CVE-2025-38661
In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmisystemid array Add missing empty member to awccdmitable...
CVE-2025-29366
In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...
CVE-2025-38658
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmetreqinit fails Have nvmetreqinit and req-execute complete failed commands. Description of the problem: nvmetreqinit calls nvmetreqcomplete internally upon failure, e.g.,...
CVE-2025-38653
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...
CVE-2025-38663
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a...
CVE-2025-38665
In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...
CVE-2025-38643
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211checkandendcac Callers of wdevchandef must hold the wiphy mutex. But the worker cfg80211propagatecacdonewk never takes the lock. Which triggers the warning below with the...
CVE-2024-58239
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv if initial processrxlist gave us non-DATA If we have a non-DATA record on the rxlist and another record of the same type still on the queue, we will end up merging them: - processrxlist copies the non-DATA record -...
CVE-2025-38616
In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses...
CVE-2025-38618
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...
CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
CVE-2025-7969
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting XSS. This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not conside...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9300
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixeldebugprintpalette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit...
CVE-2025-9301
A vulnerability was determined in cmake 4.1.20250725-gb5cce23. This affects the function cmForEachFunctionBlocker::ReplayItems of the file cmForEachCommand.cxx. This manipulation causes reachable assertion. The attack needs to be launched locally. The exploit has been publicly disclosed and may b...
CVE-2025-52194
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...