9727 matches found
CVE-2025-38306
In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks.That's an oopsable race... The rest of the callers are safe since they are holding namespace_sem anda...
CVE-2025-38316
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() The function mt7996_set_monitor() dereferences phy beforethe NULL sanity check. Fix this to avoid NULL pointer dereference by moving thedereference after th...
CVE-2025-38318
In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwisecalling platform_get_drvdata() in remove returns NULL.
CVE-2025-38327
In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable function_graph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is netenabled, it incorrectly enables it. Worse, it unregisters itself when itwas never regis...
CVE-2025-38328
In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack ofchecking whether jffs2_prealloc_raw_node_refs() completed successfully.Subsequent logic implie...
CVE-2025-38330
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets().The code uses mock_coeff_template.length_bytes (4 bytes) for register valuealloca...
CVE-2025-38340
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(),because the source string length was rounded up to the allocation size.
CVE-2025-38341
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retainsthe ownership of the message on error. All existing callersdutifully free the page.
CVE-2025-38349
In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and thendoing a mutex_unlock(&ep->mtx); afterwards. That's very wrong, because it can lead t...
CVE-2025-38351
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercallsHVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EXallow a guest to request inva...
CVE-2025-38008
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memoryusing static_branch_enc/dec() and uses that static branch in hot paths todetermine if it needs...
CVE-2025-38012
In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new()returns an error value (e.g. bpf_for_each() macro ignores error returns fromnew()). bpf...
CVE-2025-38016
In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request willgo through it after hid_bpf_destroy_device() has been called. This leadsto a bug that unplugging certain types of ...
CVE-2025-38017
In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's inthe future"), the following program would immediately enter a busyloop in the kernel: int main() { int...
CVE-2025-38028
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come inand free the struct nfsd_file that was just added. To prevent that fromhappening, take the RCU read lock before...
CVE-2025-38032
In the Linux kernel, the following vulnerability has been resolved: mr: consolidate the ipmr_can_free_table() checks. Guoyu Yin reported a splat in the ipmr netns cleanup path: WARNING: CPU: 2 PID: 14564 at net/ipv4/ipmr.c:440 ipmr_free_table net/ipv4/ipmr.c:440 [inline]WARNING: CPU: 2 PID: 14564 a...
CVE-2025-38036
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID valueand existing GuC functions used for that assume that the GT hasit's MMIO members already setup. However, du...
CVE-2025-38050
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios A kernel crash was observed when replacing free hugetlb folios: BUG: kernel NULL pointer dereference, address: 0000000000000028PGD 0 P4D 0Oops: Oops...
CVE-2025-38155
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init()does not check for this case, which results in a NULL pointerdereference. Prevent null pointer ...
CVE-2025-38156
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init()does not check for this case, which results in a NULL pointerdereference. Prevent null pointer ...
CVE-2025-38164
In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: fix to avoid inconsistence in between SIT and SSA w/ below testcase, it will cause inconsistence in between SIT and SSA. create_null_blk 512 2 1024 1024mkfs.f2fs -m /dev/nullb0mount /dev/nullb0 /mnt/f2fs/touch /mnt/f2fs...
CVE-2025-38338
In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Sometimes, when a file was read while it was being truncated byanother NFS client, the kernel could deadlock because folio_unlock()was called twice, and the second call...
CVE-2025-38021
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: Fix null check forpipe_ctx->plane_state in dcn20_program_pipe") that addresses a nullpointer der...
CVE-2025-38054
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements inthe freq_in[] and signal_out[] arrays, causing NULL pointerdereferences and triggering a kernel Oops (p...
CVE-2025-38056
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix UAF when reloading module hda_generic_machine_select() appends -idisp to the tplg filename byallocating a new string with devm_kasprintf(), then stores the stringright back into the global variable snd_so...
CVE-2025-38076
In the Linux kernel, the following vulnerability has been resolved: alloc_tag: allocate percpu counters for module tags dynamically When a module gets unloaded it checks whether any of its tags are still inuse and if so, we keep the memory containing module's allocation tagsalive until all tags are...
CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() andcalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parento...