Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown
CRITICAL: 1128, HIGH: 4110, MEDIUM: 4311, LOW: 362
Vulnerabilities
Page 19 of 496
CVE-2025-38312 [MEDIUM] CVSS 5.5, CWE-369, v11.0, 2025-07-10
In the Linux kernel, the following vulnerability has been resolved:
fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000,
cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's
then passed to fb_cvt_hperiod(), where it's used as a divider -- divisi
nvd
CVE-2025-38259 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd9335: Fix missing free of regulator supplies
Driver gets and enables all regulator supplies in probe path
(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup
in final error paths and in unbind (missing remove() callback). This
leads to leaked mem
nvd
CVE-2025-38249 [HIGH] CVSS 7.1, CWE-125, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
In snd_usb_get_audioformat_uac3(), the length value returned from
snd_usb_ctl_msg() is used directly for memory allocation without
validation. This length is controlled by the USB device.
The allocated buffer
nvd
CVE-2025-38257 [HIGH] CVSS 7.8, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
s390/pkey: Prevent overflow in size calculation for memdup_user()
Number of apqn target list entries contained in 'nr_apqns' variable is
determined by userspace via an ioctl call so the result of the product in
calculation of size passed to memdup_user() may overflow.
In this case the actua
nvd
CVE-2025-38245 [HIGH] CVSS 7.8, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
syzbot reported a warning below during atm_dev_register(). [0]
Before creating a new device and procfs/sysfs for it, atm_dev_register()
looks up a duplicated device by __atm_dev_lookup(). These operations are
done un
nvd
CVE-2025-38239 [HIGH] CVSS 7.8, CWE-129, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
scsi: megaraid_sas: Fix invalid node index
On a system with DRAM interleave enabled, out-of-bound access is
detected:
megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in ./arch/x86/include
nvd
CVE-2025-38263 [MEDIUM] CVSS 5.5, CWE-476, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
bcache: fix NULL pointer in cache_set_flush()
1. LINE#1794 - LINE#1887 is some codes about function of
bch_cache_set_alloc().
2. LINE#2078 - LINE#2142 is some codes about function of
register_cache_set().
3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098.
1794
nvd
CVE-2025-38251 [MEDIUM] CVSS 5.5, CWE-476, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
atm: clip: prevent NULL deref in clip_push()
Blamed commit missed that vcc_destroy_socket() calls
clip_push() with a NULL skb.
If clip_devs is NULL, clip_push() then crashes when reading
skb->truesize.
nvd
CVE-2025-38260 [MEDIUM] CVSS 5.5, CWE-476, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle csum tree error with rescue=ibadroots correctly
[BUG]
There is syzbot based reproducer that can crash the kernel, with the
following call trace: (With some debug output added)
DEBUG: rescue=ibadroots parsed
BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 dev
nvd
CVE-2025-38262 [MEDIUM] CVSS 5.5, CWE-476, v11.0, 2025-07-09
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: uartlite: register uart driver in init
When two instances of uart devices are probing, a concurrency race can
occur. If one thread calls uart_register_driver function, which first
allocates and assigns memory to 'uart_state' member of uart_driver
structure, the other
nvd
CVE-2025-38236 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-08
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Don't leave consecutive consumed OOB skbs.
Jann Horn reported a use-after-free in unix_stream_read_generic().
The following sequences reproduce the issue:
$ python3
from socket import *
s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)
s1.send(b'x', MSG_OOB)
s2.recv(1, MSG_OOB) #
nvd
CVE-2025-48384 [HIGH] CVSS 8.0, KEV, CWE-59, v11.0, 2025-07-08
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost
nvd
CVE-2025-38237 [MEDIUM] CVSS 5.5, v11.0, 2025-07-08
In the Linux kernel, the following vulnerability has been resolved:
media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
In fimc_is_hw_change_mode(), the function changes camera modes without
waiting for hardware completion, risking corrupted data or system hangs
if subsequent operations proceed before the hardware is ready.
Ad
nvd
CVE-2025-38204 [HIGH] CVSS 7.1, CWE-125, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds read in add_missing_indices
stbl is s8 but it must contain offsets into slot which can go from 0 to
127.
Added a bound check for that error and return -EIO if the check fails.
Also make jfs_readdir return with error if add_missing_indices returns
nvd
CVE-2025-38227 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: Terminating the subsequent process of initialization failure
syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1]
After PSI initialization fails, the si member is accessed again, resulting
in this uaf.
After si initialization fails, the subsequent proces
nvd
CVE-2025-38226 [HIGH] CVSS 7.8, CWE-787, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: Change the siize of the composing
syzkaller found a bug:
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/commo
nvd
CVE-2025-38212 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
ipc: fix to protect IPCS lookups using RCU
syzbot reported that it discovered a use-after-free vulnerability, [0]
[0]: https://lore.kernel.org/all/[email protected]/
idr_for_each() is protected by rwsem, but this is not enough. If it is
not protected by R
nvd
CVE-2025-38180 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
net: atm: fix /proc/net/atm/lec handling
/proc/net/atm/lec must ensure safety against dev_lec[] changes.
It appears it had dev_put() calls without prior dev_hold(),
leading to imbalance and UAF.
nvd
CVE-2025-38211 [HIGH] CVSS 7.8, CWE-416, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last
deref") simplified cm_id resource management by freeing cm_id once all
references to the cm_id were removed. The references are removed either
upon
nvd
CVE-2025-38183 [HIGH] CVSS 7.8, CWE-787, v11.0, 2025-07-04
In the Linux kernel, the following vulnerability has been resolved:
net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value
is checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8).
This seems correct and aligns with the PTP interrupt stat
nvd