CVE-2025-38379

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2_reconnect_server(), a dummy tconis passed down to smb2_reconnect() with ->query_interfaceuninitialized, so we can't call queue_delayed_work()...

CVE-2025-38398

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: reallocate BAM transactions Using the mtd_nandbiterrs module for testing the driver occasionallyresults in weird things like below. swiotlb mapping fails with the following message: [ 85.926216] qcom_snand 79b0...

CVE-2025-38404

In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition ofcros_typec_altmode_data::mutex.The call chain is as follows: cros_typec_altmode_work() acquires the mutex typec_altmode_vd...

CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALL_QUEUED being set When netfslib is issuing subrequests, the subrequests start processingimmediately and may complete before we reach the end of the issuingfunction. At the end o...

CVE-2022-50025

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in theerror handling path of afu_allocate_irqs().

CVE-2022-50043

In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both theobject rt and neigh are grabbed successfully, when lifetime isnonzero but the metric needs change, the ...

CVE-2022-50056

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL.The bug happens because we don't initialize i_op for records in $Extend.

CVE-2022-50070

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153Modules linked in: uio_ivshmem(OE)...

CVE-2022-50205

In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matchesthe number computed from number of inodes per group. Also verify we haveat least one block worth of inodes per gr...

CVE-2025-38366

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS aboutirqchip EIOINTC, here add validation about cpu number to avoid arraypointer overflow.

CVE-2025-38367

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modifyregister EIOINTC_ENABLE. There will be array index overflow problem.

CVE-2025-38370

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix failure to rebuild free space tree using multiple transactions If we are rebuilding a free space tree, while modifying the free spacetree we may need to allocate a new metadata block group.If we end up using multiple tra...

CVE-2025-38447

In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix potential out-of-bounds page table access during batched unmap As pointed out by David[1], the batched unmap logic intry_to_unmap_one() may read past the end of a PTE table when a largefolio's PTE mappings are not full...

CVE-2025-38017

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's inthe future"), the following program would immediately enter a busyloop in the kernel: int main() { int...

CVE-2025-38357

In the Linux kernel, the following vulnerability has been resolved: fuse: fix runtime warning on truncate_folio_batch_exceptionals() The WARN_ON_ONCE is introduced on truncate_folio_batch_exceptionals() tocapture whether the filesystem has removed all DAX entries or not. And the fix has been applie...

CVE-2025-38397

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following"suspicious RCU usage" warning in nvme_mpath_add_sysfs_link(): '''[ 5.024557][ T44] nvmet: Created nvm controller 1...

CVE-2025-38433

In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the __runtime_fixup_32 function does not handle the case where val iszero correctly (as might occur when patching a nommu kernel and referringto a physical address below the 4Gi...

CVE-2025-38442

In the Linux kernel, the following vulnerability has been resolved: block: reject bs > ps block devices when THP is disabled If THP is disabled and when a block device with logical block size >page size is present, the following null ptr deref panic happens duringboot: [ [13.2 mK AOSAN: null-...

CVE-2025-38358

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and close_ctree() Syzbot reported an assertion failure due to an attempt to add a delayediput after we have set BTRFS_FS_STATE_NO_DELAYED_IPUT in the fs_infostate: WARNING: CPU: 0 PID: 6...

CVE-2025-38378

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe In probe appletb_kbd_probe() a "struct appletb_kbd *kbd" is allocatedvia devm_kzalloc() to store touch bar keyboard related data.Later on if backlight_device_get_by...

CVE-2025-38394

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix memory corruption of input_handler_list In appletb_kbd_probe an input handler is initialised and then registeredwith input core through input_register_handler(). When this happens inputcore will add the input ...

CVE-2025-38411

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix double put of request If a netfs request finishes during the pause loop, it will have the refthat belongs to the IN_PROGRESS flag removed at that point - however, if itthen goes to the final wait loop, that will also put...

CVE-2025-38432

In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize UDP checksum field before checksumming commit f1fce08e63fe ("netpoll: Eliminate redundant assignment") removedthe initialization of the UDP checksum, which was wrong and brokenetpoll IPv6 transmission due t...

CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation,thus xfrmi_changelink() should fail when called on such interfaces. The check to...