68528 matches found
CVE-2025-38312
In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod In fbfindmodecvt, iff mode-refresh somehow happens to be 0x80000000, cvt.frefresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fbcvthperiod,...
CVE-2025-38297
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix potential division-by-zero error in emcomputecosts When the device is of a non-CPU type, tablei.performance won't be initialized in the previous eminitperformance, resulting in division by zero when calculating costs ...
CVE-2025-38270
In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napicomplete from netpoll netdevsim supports netpoll. Make sure we don't call napicomplete from it, since it may not be scheduled. Breno reports hitting a warning in napicompletedone: WARNING: CPU: 14...
CVE-2025-38314
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtiopciadmindevpartsget is 8 bytes larger than the actual result data size. This occurs because the resultsgsize field of the...
CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARNON due to a commitoverrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
CVE-2025-38307
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parseintarray The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref...
CVE-2025-38304
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eirgetservicedata The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA...
CVE-2025-38305
In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp-nvclocks check logic in ptpvclockinuse There is no disagreement that we should check both ptp-isvirtualclock and ptp-nvclocks to check if the ptp virtual clock is in use. However, when we acquire ptp-nvclocksmux t...
CVE-2025-38296
In the Linux kernel, the following vulnerability has been resolved: ACPI: platformprofile: Avoid initializing on non-ACPI platforms The platform profile driver is loaded even on platforms that do not have ACPI enabled. The initialization of the sysfs entries was recently moved from...
CVE-2025-38318
In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platformsetdrvdata Add missing platformsetdrvdata in armniprobe, otherwise calling platformgetdrvdata in remove returns NULL...
CVE-2025-38315
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...
CVE-2025-38316
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996setmonitor The function mt7996setmonitor dereferences phy before the NULL sanity check. Fix this to avoid NULL pointer dereference by moving the dereference after the...
CVE-2025-38294
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...
CVE-2025-38293
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath11kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...
CVE-2025-38290
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar-arvifs list In current WLAN recovery code flow, ath12kcorehalt only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an...
CVE-2025-38319
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable The function atomctrlinitializemcregtable and atomctrlinitializemcregtablev22 does not check the return value of smuatomgetdatatable. If...
CVE-2025-38276
In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca "fs/dax: don't skip locked entries when scanning entries" introduced a new function, waitentryunlockedexclusive, which waits for the current entry ...
CVE-2025-38278
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TCHTBLEAFDELLAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...
CVE-2025-38280
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid bpfprogret0warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 bpfprogret0warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32...
CVE-2025-38281
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Add NULL check in mt7996thermalinit devmkasprintf can return a NULL pointer on failure,but this returned value in mt7996thermalinit is not checked. Add NULL check in mt7996thermalinit, to handle kernel NULL...
CVE-2025-38284
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also...
CVE-2025-38306
In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of haslockedchildren maydecodefh is calling haslockedchildren while holding no locks. That's an oopsable race... The rest of the callers are safe since they are holding namespacesem and are...
CVE-2025-38302
In the Linux kernel, the following vulnerability has been resolved: block: don't use submitbionoacctnocheck in blkzonewplugbiowork Bios queued up in the zone write plug have already gone through all all preparation in the submitbio path, including the freeze protection. Submitting them through...
CVE-2025-38272
In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for t...
CVE-2025-38274
In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpgamgrtestimgloadsgt fpgamgrtestimgloadsgt allocates memory for sgt using kunitkzalloc however it does not check if the allocation failed. It then passes sgt to sgalloctable, which passe...
CVE-2025-38268
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpmqueuevdmunlocked to asynchronous work A state check was previously added to tcpmqueuevdmunlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to gra...
CVE-2025-38265
In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsmuartportinit No device was set which caused serialbasectrladd to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 1 PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368...
CVE-2025-38266
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb "pinctrl: mediatek: Add EINT support for multiple addresses" introduced an access to the 'soc' field of struct mtkpinctrl in...
CVE-2025-38282
In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for...
CVE-2025-38300
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8icecipherprepare Fix two DMA cleanup issues on the error path in sun8icecipherprepare: 1 If dmamapsg fails for areq-dst, the device driver would try to free DMA memory it has no...
CVE-2025-38301
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmpnvmem: unbreak driver after cleanup Commit 29be47fcd6a0 "nvmem: zynqmpnvmem: zynqmpnvmemprobe cleanup" changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter...
CVE-2025-38271
In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnlcreatelink At the time rtnlcreatelink is running, dev-netdevops is NULL, we must not use netdevlockops or risk a NULL deref if CONFIGNETSHAPER is defined. Use netifsetgroup instead of devsetgroup...
CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
CVE-2025-38308
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avsdaifindpathtemplate shall be verified before being used. As 'template' is already known when avshwconstraintsinit is fired, drop the search entirel...
CVE-2025-38313
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mcdev variable. In case the MC device is a DPRC, a new mcbus is allocat...
CVE-2025-32989
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
CVE-2025-38286
In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91gpioprobe doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpiochips array with...
CVE-2025-38287
In the Linux kernel, the following vulnerability has been resolved: IB/cm: Drop lockdep assert and WARN when freeing old msg The send completion handler can run after cmid has advanced to another message. The cmid lock is not needed in this case, but a recent change re-used cmfreeprivmsg, which...
CVE-2025-38310
In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space...
CVE-2025-38317
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users...
CVE-2025-38311
In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock Get rid of the crit lock. That frees us from the error prone logic of trylocks. Thanks to netdevlock by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by...
CVE-2025-38273
In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipcaeadencrypt syzbot reported a refcount warning 1 caused by calling getnet on a network namespace that is being destroyed refcount=0. This happens when a TIPC discovery timer fires during...
CVE-2025-38289
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in devlosstmocallbk Smatch detected a potential use-after-free of an ndlp oject in devlosstmocallbk during driver unload or fatal error handling. Fix by reordering code to avoid...
CVE-2025-38295
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smpprocessorid with rawsmpprocessorid in mesonddrpmucreate The Amlogic DDR PMU driver mesonddrpmucreate function incorrectly uses smpprocessorid, which assumes disabled preemption. This leads to kernel...
CVE-2025-38309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xesvminit earlier In xevmcloseandput we need to be able to call xesvmfini, however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to various splats...
CVE-2025-38277
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...
CVE-2025-38291
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash Currently, we encounter the following kernel call trace when a firmware crash occurs. This happens because the host sends WMI commands to the firmware...
CVE-2025-38298
In the Linux kernel, the following vulnerability has been resolved: EDAC/skxcommon: Fix general protection fault After loading i10nmedac which automatically loads skxedaccommon, if unload only i10nmedac, then reload it and perform error injection testing, a general protection fault may occur: mce...
CVE-2025-38288
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smpprocessorid call trace for preemptible kernels Correct kernel call trace when calling smpprocessorid when called in preemptible kernels by using rawsmpprocessorid. smpprocessorid checks to see if preemption...
CVE-2025-38239
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraidsas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraidsas 0000:3f:00.0: requested/available msix 128/128 pollqueue 0 ------------ cut here ------------ UBSAN:...