Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown
CRITICAL: 1128 | HIGH: 4110 | MEDIUM: 4311 | LOW: 362
Vulnerabilities
Page 17 of 496
CVE-2025-38467 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-07-25
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
If there's support for another console device (such as a TTY serial),
the kernel occasionally panics during boot. The panic message and a
relevant snippet of the call stack is as follows:
Unable to handle kernel NULL
nvd
CVE-2025-38393 [MEDIUM] CVSS 4.7 | CWE-362 | v11.0 | 2025-07-25
In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
We found a few different systems hung up in writeback waiting on the same
page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in
pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count
was zero.
It seems
nvd
CVE-2025-38420 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-07-25
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: do not ping device which has failed to load firmware
Syzkaller reports [1, 2] crashes caused by an attempt to ping
the device which has failed to load firmware. Since such a device
doesn't pass 'ieee80211_register_hw()', an internal workqueue
managed by 'ieee80211
nvd
CVE-2025-38412 [MEDIUM] CVSS 5.5 | v11.0 | 2025-07-25
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
After retrieving WMI data blocks in sysfs callbacks, check for the
validity of them before dereferencing their content.
nvd
CVE-2025-38352 [HIGH] CVSS 7.4 | KEV | CWE-367 | v11.0 | 2025-07-22
In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
or debugger right after unlock_task_sighand().
If
nvd
CVE-2025-38350 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-07-19
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Always pass notifications when child class becomes empty
Certain classful qdiscs may invoke their classes' dequeue handler on an
enqueue operation. This may unexpectedly empty the child qdisc and thus
make an in-flight class passive via qlen_notify(). Most qdiscs do not
e
nvd
CVE-2025-6558 [HIGH] CVSS 8.8 | KEV | CWE-20 | v11.0 | 2025-07-15
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2025-38286 [HIGH] CVSS 7.1 | CWE-125 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: at91: Fix possible out-of-boundary access
at91_gpio_probe() doesn't check that given OF alias is not available or
something went wrong when trying to get it. This might have consequences
when accessing gpio_chips array with that value as an index. Note, that
BUG() can be co
nvd
CVE-2025-38342 [HIGH] CVSS 7.1 | CWE-125 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
software node: Correct a OOB check in software_node_get_reference_args()
software_node_get_reference_args() wants to get @index-th element, so
the property value requires at least '(index + 1) * sizeof(*ref)' bytes
but that can not be guaranteed by current OOB check, and may cause O
nvd
CVE-2025-38280 [HIGH] CVSS 7.8 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
bpf: Avoid __bpf_prog_ret0_warn when jit fails
syzkaller reported an issue:
WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357
Modules linked in:
CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898
nvd
CVE-2025-38323 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
net: atm: add lec_mutex
syzbot found its way in net/atm/lec.c, and found an error path
in lecd_attach() could leave a dangling pointer in dev_lec[].
Add a mutex to protect dev_lecp[] uses from lecd_attach(),
lec_vcc_attach() and lec_mcast_attach().
Following patch will use this mu
nvd
CVE-2025-38298 [HIGH] CVSS 7.8 | CWE-787 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
EDAC/skx_common: Fix general protection fault
After loading i10nm_edac (which automatically loads skx_edac_common), if
unload only i10nm_edac, then reload it and perform error injection testing,
a general protection fault may occur:
mce: [Hardware Error]: Machine check events logge
nvd
CVE-2025-38348 [HIGH] CVSS 7.8 | CWE-787 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
Robert Morris reported:
|If a malicious USB device pretends to be an Intersil p54 wifi
|interface and generates an eeprom_readback message with a large
|eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the
|
nvd
CVE-2025-38346 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix UAF when lookup kallsym after ftrace disabled
The following issue happens with a buggy module:
BUG: unable to handle page fault for address: ffffffffc05d0218
PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
Tainted: [O]=O
nvd
CVE-2025-38320 [HIGH] CVSS 7.1 | CWE-125 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
KASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth().
Call Trace:
[ 97.283505] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth+0xa8/0xc8
[ 97.284677] Read of size 8 at addr fff
nvd
CVE-2025-38313 [HIGH] CVSS 7.8 | CWE-415 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc: fix double-free on mc_dev
The blamed commit tried to simplify how the deallocations are done but,
in the process, introduced a double-free on the mc_dev variable.
In case the MC device is a DPRC, a new mc_bus is allocated and the
mc_dev variable is just a reference to
nvd
CVE-2025-38336 [MEDIUM] CVSS 5.5 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
The controller has a hardware bug that can hard hang the system when
doing ATAPI DMAs without any trace of what happened. Depending on the
device attached, it can also prevent the system from booting.
In this case, the system ha
nvd
CVE-2025-38328 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
Fuzzing hit another invalid pointer dereference due to the lack of
checking whether jffs2_prealloc_raw_node_refs() completed successfully.
Subsequent logic implies that the node refs have been allocated.
Handl
nvd
CVE-2025-38273 [MEDIUM] CVSS 5.5 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
net: tipc: fix refcount warning in tipc_aead_encrypt
syzbot reported a refcount warning [1] caused by calling get_net() on
a network namespace that is being destroyed (refcount=0). This happens
when a TIPC discovery timer fires during network namespace cleanup.
The recently added get_net
nvd
CVE-2025-38319 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
The functions atomctrl_initialize_mc_reg_table() and
atomctrl_initialize_mc_reg_table_v2_2() do not check the return
value of smu_atom_get_data_table(). If smu_atom_get_data_table()
fails to ret
nvd