Debian Linux vulnerabilities

CVE-2025-38565 [HIGH] CVE-2025-38565: In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_m In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this

CVE-2025-38579 [HIGH] CWE-908 CVE-2025-38579: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`)

CVE-2025-38574 [HIGH] CWE-908 CVE-2025-38574: In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot. BUG: KMSAN: uninit-value in

CVE-2025-38572 [HIGH] CVE-2025-38572: In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_transport_header_careful() helper and use it from ipv6_gso_segme

CVE-2025-38555 [HIGH] CWE-416 CVE-2025-38555: In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-fre In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in fu

CVE-2025-38577 [MEDIUM] CWE-416 CVE-2025-38577: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2f In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- BUG: KASAN: use-after-free in __

CVE-2025-38581 [MEDIUM] CWE-476 CVE-2025-38581: In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when re In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind [ 204.97693

CVE-2025-38576 [MEDIUM] CVE-2025-38576: In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver de In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: A second class of oops is also seen when the underlying bus disappears during device re

CVE-2025-38601 [MEDIUM] CWE-909 CVE-2025-38601: In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath11k_hal_dump_srng_stats() call Last interrupt received for each group:

CVE-2025-38578 [MEDIUM] CWE-416 CVE-2025-38578: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_ In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff

CVE-2025-38604 [MEDIUM] CWE-476 CVE-2025-38604: In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed skb due to anchor was not killed before freeing such skb. BUG: kernel NU

CVE-2025-38602 [MEDIUM] CWE-252 CVE-2025-38602: In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.

CVE-2025-38610 [MEDIUM] CWE-476 CVE-2025-38610: In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL po In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible during runtime, causing get_cpu_device() to return NULL, which p

CVE-2025-38588 [MEDIUM] CWE-835 CVE-2025-38588: In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblings) { rt6_nh_nlmsg_size(sibling->fib6_nh, &nexthop_len); }

CVE-2025-38614 [MEDIUM] CWE-674 CVE-2025-38614: In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded r In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the

CVE-2025-38583 [MEDIUM] CWE-476 CVE-2025-38583: In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pl In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle kernel NULL pointer dereference at virtual address 008 pc : clk_hw_unr

CVE-2025-38561 [MEDIUM] CWE-362 CVE-2025-38561: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue rac In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed together with session at connection termination

CVE-2025-38562 [MEDIUM] CWE-476 CVE-2025-38562: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer derefer In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch s

CVE-2025-38612 [MEDIUM] CWE-401 CVE-2025-38612: In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential m In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that by adding the cleanup function on the error path.

CVE-2025-38553 [MEDIUM] CWE-667 CVE-2025-38553: In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplic