Debian Linux vulnerabilities

CVE-2025-38170 [MEDIUM] CVE-2025-38170: In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g.

CVE-2025-38143 [MEDIUM] CWE-476 CVE-2025-38143: In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL che In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVE-2025-38136 [MEDIUM] CWE-908 CVE-2025-38136: In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clo In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are a

CVE-2025-38115 [MEDIUM] CWE-401 CVE-2025-38115: In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a poten In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a potential crash on gso_skb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed b

CVE-2025-38138 [MEDIUM] CWE-476 CVE-2025-38138: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check i In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVE-2025-38161 [MEDIUM] CWE-191 CVE-2025-38161: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the last resource to be destroyed some SW resources were already cleaned regardless of the failure. Now properly rollback the object to its original state

CVE-2025-38097 [MEDIUM] CVE-2025-38097: In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket c In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns Since the encap socket is a userspace socket, it holds a ref

CVE-2025-38124 [MEDIUM] CWE-401 CVE-2025-38124: In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment af In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets wi

CVE-2025-38158 [MEDIUM] CVE-2025-38158: In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was c

CVE-2025-38163 [MEDIUM] CWE-476 CVE-2025-38163: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fs_truncate_data_blocks_range+0x

CVE-2025-38113 [MEDIUM] CWE-476 CVE-2025-38113: In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer de In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leaving their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu() dereferences these NULL pointers, causing panic. Panic backtrace: [ 0.401123] Unable to

CVE-2025-38126 [MEDIUM] CWE-369 CVE-2025-38126: In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It w

CVE-2025-38122 [MEDIUM] CWE-476 CVE-2025-38122: In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereferenc

CVE-2025-38145 [MEDIUM] CWE-476 CVE-2025-38145: In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent thi

CVE-2025-38147 [MEDIUM] CWE-476 CVE-2025-38147: In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso fun In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pine

CVE-2025-38094 [MEDIUM] CWE-667 CVE-2025-38094: In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possi In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never exit that loop and have a deadlock. That deadlock

CVE-2025-38095 [MEDIUM] CWE-476 CVE-2025-38095: In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered.

CVE-2025-38165 [MEDIUM] CWE-401 CVE-2025-38165: In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when ca In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' [ 657.460555] kernel BUG at net/core/skbuff.c:2178! [ 657.462680] Tain

CVE-2025-38173 [MEDIUM] CVE-2025-38173: In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle z In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0.

CVE-2025-38112 [MEDIUM] CWE-367 CVE-2025-38112: In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_ In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored and sk->sk_prot->sock_is_readable