11047 matches found
CVE-2025-38492
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALL_QUEUED being set When netfslib is issuing subrequests, the subrequests start processingimmediately and may complete before we reach the end of the issuingfunction. At the end o...
CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread canrun packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to t...
CVE-2025-38618
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This cancause a use-after-free when a connection is made to the bound socket.The socket returned by accept() also has port VM...
CVE-2025-38622
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_typein virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdrsize, below crash may happen. ------------[ cut...
CVE-2025-38623
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug eventscorrectly, leading to a complete failure of the hotplug system after deviceremoval and a required reboot to...
CVE-2025-38625
In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pcidriver, the following WARN_ON() trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfio_main.c:317 _...
CVE-2025-38630
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannotallocate a struct fb_modelist. If that happens, the modelist stays empty butthe driver contin...
CVE-2025-38634
In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name()function may return NULL instead of an error pointer.To prevent potential null pointer dere...
CVE-2025-38639
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851[..]string+0x231/0x2b0 lib/vsprintf.c:721vsn...
CVE-2025-38645
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash ifdev->dm allocation in mlx5_init_once() fails.
CVE-2025-38653
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF...
CVE-2025-38665
In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device isrestarted from Bus Off and the driver does not implement the structcan_priv::do_...
CVE-2025-38666
In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe,releases the aarp_lock, sleeps, then re-acquires the lock. During thatwindow an expire timer thread (__aar...
CVE-2022-50057
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.Code should check this ptr before dereferencing. Syzbot hit this issuevia passing wrong mount param as can be ...
CVE-2022-50147
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix get_nodes out of bound access When user specified more nodes than supported, get_nodes will access nmaskarray out of bounds.
CVE-2025-38144
In the Linux kernel, the following vulnerability has been resolved: watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() devm_ioremap() returns NULL on error. Currently, lenovo_se30_wdt_probe()does not check for this case, which results in a NUL...
CVE-2025-38171
In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Fix workqueue error handling in probe The create_singlethread_workqueue() doesn't return error pointers, itreturns NULL. Also cleanup the workqueue on the error paths.
CVE-2025-38209
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 ("nvme-fabrics: reset admin connection for secureconcatenation") modified nvme_tcp_setup_ctrl() to callnvme_tcp_configure_admin_queue() twice. The fi...
CVE-2025-38247
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does requirefinish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr()does not change that. As the result, we can...
CVE-2025-38252
In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxl_cper_handle_prot_err() is making a series of fragileassumptions that can lead to crashes: 1/ It assumes that endpoints identified in the record are a CXL-type-3device, n...
CVE-2025-38266
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multipleaddresses") introduced an access to the 'soc' field of structmtk_pinctrl in mtk_eint_do...
CVE-2025-38276
In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanningentries") introduced a new function, wait_entry_unlocked_exclusive(),which waits for the current ent...
CVE-2025-38367
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modifyregister EIOINTC_ENABLE. There will be array index overflow problem.
CVE-2025-38619
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer ismarked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue.This causes the same buffer to be ...
CVE-2025-38624
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, thepnv_php driver leaked the allocated IRQ resources for the child bridges'hotplug event notifications, resulting in ...
CVE-2025-38636
In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the followingwarning: BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0Read of size 32 at a...
CVE-2025-38640
In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called withoutmigration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the splatbelow. [0] Let's use b...
CVE-2025-38643
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock.Which triggers the warning below with the me...
CVE-2025-38646
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW thinka packet is received on 6 GHz band even if the chip does not support ...
CVE-2025-38648
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that thepointer returned by of_device_get_match_data is not NULL beforeaccessing its members. This resolves a war...
CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 truncate -s $((10241024 1024)) /mnt/f2fs/012345678901234567890123456789012345678901234567890123 touch /mn...
CVE-2025-38663
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfsand causing malfunctions or assertion failures, add a missing sanity checkwhen reading an inode from a blo...
CVE-2025-38664
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup()to prevent potential null pointer dereference.
CVE-2025-38668
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs canlead to NULL pointer dereference when regulators are accessed post-unbind. This can ...
CVE-2025-38670
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() cpu_switch_to() and call_on_irq_stack() manipulate SP to changeto different stacks along with the Shadow Call Stack if it is enabled.Those two stack changes cannot be d...
CVE-2025-38673
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dma_buf field in struct drm_gem_object is not stable over theobject instance's lifetime. The field...
CVE-2025-38674
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dma_buf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dma_buf field in struct drm_gem_object is not stable over theobject instance's lifetime. The field becomes N...
CVE-2022-50075
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe(eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can...
CVE-2022-50078
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes (eprobes), I tried to see what wouldhappen if I attempted to retrieve the instruction pointer (%rip) knowingthat event probes do not...
CVE-2022-50089
In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seco...
CVE-2022-50119
In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch whendriver_set_override fails. Fix this by adding a put_device() to the error path.
CVE-2022-50122
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Fix refcount leak in some error...
CVE-2022-50182
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH,with arbitrary W (image width) and H (image height) dimensions. Align upwards buffer size for both encoder and decoder.and leave the picture res...
CVE-2025-38150
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578__mutex_lock+0x106/0xe80 kernel/locking/mut...
CVE-2025-38271
In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnl_create_link() At the time rtnl_create_link() is running, dev->netdev_ops is NULL,we must not use netdev_lock_ops() or risk a NULL deref ifCONFIG_NET_SHAPER is defined. Use netif_set_group() inst...
CVE-2025-38308
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified beforebeing used. As 'template' is already known whenavs_hw_constraints_init() is fired, drop the search ...
CVE-2025-38309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(),however during vm creation we can call this on the error path, beforehaving actually initialised the svm state, leading to vari...
CVE-2025-38327
In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable function_graph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is netenabled, it incorrectly enables it. Worse, it unregisters itself when itwas never regis...
CVE-2025-38621
In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0...Oops: Oops: 0000 [#1] SMP NOPTICPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94P...
CVE-2025-38626
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------kernel BUG at fs/f2fs/segment.c:2835!Call Trace:f...