Debian Linux vulnerabilities

CVE-2025-38460 [MEDIUM] CWE-476 CVE-2025-38460: In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-p In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called without RTNL, especially clip_neigh_solicit() / neigh_ops->solicit() is

CVE-2025-38410 [MEDIUM] CWE-401 CVE-2025-38410: In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in su In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in submit error path In error paths, we could unref the submit without calling drm_sched_entity_push_job(), so msm_job_free() will never get called. Since drm_sched_job_cleanup() will NULL out the s_fence, we can use that to detect this case. Patchwork:

CVE-2025-38384 [MEDIUM] CWE-401 CVE-2025-38384: In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak o In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex du

CVE-2025-38354 [MEDIUM] CVE-2025-38354: In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fix crash when thr In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fix crash when throttling GPU immediately during boot There is a small chance that the GPU is already hot during boot. In that case, the call to of_devfreq_cooling_register() will immediately try to apply devfreq cooling, as seen in the following crash: Unable to handle kern

CVE-2025-38404 [MEDIUM] CWE-667 CVE-2025-38404: In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix po In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows: 1. cros_typec_altmode_work() acquires the mutex 2. typec_altmode_vdm() -> dp_altmode_vdm() -> 3. typec_altm

CVE-2025-38363 [MEDIUM] CWE-476 CVE-2025-38363: In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix a possible null In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix a possible null pointer dereference In tegra_crtc_reset(), new memory is allocated with kzalloc(), but no check is performed. Before calling __drm_atomic_helper_crtc_reset, state should be checked to prevent possible null pointer dereference.

CVE-2025-38406 [MEDIUM] CVE-2025-38406: In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on ba In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, p

CVE-2025-38457 [MEDIUM] CVE-2025-38457: In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qd In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during grafting, detect that the user is not trying to attach to

CVE-2025-38382 [MEDIUM] CWE-908 CVE-2025-38382: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the nex

CVE-2025-38458 [MEDIUM] CWE-476 CVE-2025-38458: In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer der In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() atmarpd_dev_ops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0010 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5324

CVE-2025-38424 [MEDIUM] CVE-2025-38424: In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e

CVE-2025-38448 [MEDIUM] CWE-362 CVE-2025-38448: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and p

CVE-2025-38430 [MEDIUM] CVE-2025-38430: In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() mu In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure being executed (rq_procinfo) is the NFSPROC4_COMPOUND pr

CVE-2025-38409 [MEDIUM] CWE-401 CVE-2025-38409: In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in th In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.freedesktop.org/patch/653583/

CVE-2025-38461 [MEDIUM] CWE-367 CVE-2025-38461: In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unable to handle page fault for address: fffffbf

CVE-2025-38451 [MEDIUM] CVE-2025-38451: In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for

CVE-2025-38364 [MEDIUM] CWE-476 CVE-2025-38364: In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALL In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA

CVE-2025-38399 [MEDIUM] CWE-476 CVE-2025-38399: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be NULL. This can lead to a NULL

CVE-2025-38466 [MEDIUM] CVE-2025-38466: In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_S In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this

CVE-2025-38365 [MEDIUM] CWE-362 CVE-2025-38365: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a race between renam In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a race between renames and directory logging We have a race between a rename and directory inode logging that if it happens and we crash/power fail before the rename completes, the next time the filesystem is mounted, the log replay code will end up deleting the file th