Debian Linux vulnerabilities

CVE-2025-38670 [HIGH] CWE-668 CVE-2025-38670: In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_s In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those two stack changes cannot be done atomically and both functions can be inter

CVE-2025-38666 [HIGH] CWE-416 CVE-2025-38666: In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-f In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe, releases the aarp_lock, sleeps, then re-acquires the lock. During that window an expire timer thread (__aarp_expire_timer) can remove and kfree() the same en

CVE-2025-38653 [HIGH] CWE-416 CVE-2025-38653: In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in proc_get_inode()"). Followed by AI Viro's suggestion,

CVE-2025-38624 [MEDIUM] CVE-2025-38624: In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocate In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallo

CVE-2025-38617 [MEDIUM] CWE-362 CVE-2025-38617: In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packe In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race

CVE-2025-38639 [MEDIUM] CVE-2025-38639: In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't ass In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_

CVE-2025-38664 [MEDIUM] CWE-476 CVE-2025-38664: In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer derefer In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

CVE-2025-38635 [MEDIUM] CWE-476 CVE-2025-38635: In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to preve

CVE-2025-38650 [MEDIUM] CWE-667 CVE-2025-38650: In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock chec In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x700/0xad0 Call Trace: hfsplus_file_truncate+0x768/0xbb0 fs/h

CVE-2025-38634 [MEDIUM] CWE-476 CVE-2025-38634: In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: F In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent potential null pointer dereferences, Added a null check.

CVE-2025-38671 [MEDIUM] CVE-2025-38671: In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed

CVE-2025-38645 [MEDIUM] CWE-476 CVE-2025-38645: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory p In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails.

CVE-2025-38622 [MEDIUM] CVE-2025-38622: In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rc In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:457

CVE-2025-38663 [MEDIUM] CVE-2025-38663: In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file typ In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a

CVE-2025-38665 [MEDIUM] CWE-476 CVE-2025-38665: In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code path that c

CVE-2025-38644 [MEDIUM] CWE-908 CVE-2025-38644: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS ope In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state li

CVE-2025-38623 [MEDIUM] CVE-2025-38623: In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1)

CVE-2025-38630 [MEDIUM] CWE-476 CVE-2025-38630: In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_vide In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return valu

CVE-2025-38668 [MEDIUM] CWE-476 CVE-2025-38668: In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL deref In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can happen during runtime PM or other regulator oper

CVE-2025-38563 [HIGH] CVE-2025-38563: In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subsequent mapping have to use the same offset and the s