Debian Linux vulnerabilities

CVE-2025-38102 [HIGH] CWE-362 CVE-2025-38102: In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_hos In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked i

CVE-2025-38135 [MEDIUM] CWE-476 CVE-2025-38135: In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr- In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue.

CVE-2025-38167 [MEDIUM] CWE-476 CVE-2025-38167: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Addi

CVE-2025-38151 [MEDIUM] CVE-2025-38151: In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_net In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous call had not yet started. The work item was re-initialized in the second call, which corrupted the work

CVE-2025-38166 [MEDIUM] CVE-2025-38166: In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockma In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629! ...... [ 2172.944996] PKRU: 55555554 [ 2172.945155] Call Trace: [ 2172.945299] [ 2172.945428] ? die+0x36/0x90 [ 2172.945601] ? do_trap+0xdd/0x100 [ 2172.94

CVE-2025-38170 [MEDIUM] CVE-2025-38170: In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g.

CVE-2025-38143 [MEDIUM] CWE-476 CVE-2025-38143: In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL che In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVE-2025-38136 [MEDIUM] CWE-908 CVE-2025-38136: In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clo In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are a

CVE-2025-38115 [MEDIUM] CWE-401 CVE-2025-38115: In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a poten In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a potential crash on gso_skb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed b

CVE-2025-38138 [MEDIUM] CWE-476 CVE-2025-38138: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check i In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

CVE-2025-38161 [MEDIUM] CWE-191 CVE-2025-38161: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the last resource to be destroyed some SW resources were already cleaned regardless of the failure. Now properly rollback the object to its original state

CVE-2025-38097 [MEDIUM] CVE-2025-38097: In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket c In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns Since the encap socket is a userspace socket, it holds a ref

CVE-2025-38124 [MEDIUM] CWE-401 CVE-2025-38124: In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment af In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets wi

CVE-2025-38158 [MEDIUM] CVE-2025-38158: In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was c

CVE-2025-38163 [MEDIUM] CWE-476 CVE-2025-38163: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fs_truncate_data_blocks_range+0x

CVE-2025-38113 [MEDIUM] CWE-476 CVE-2025-38113: In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer de In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leaving their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu() dereferences these NULL pointers, causing panic. Panic backtrace: [ 0.401123] Unable to

CVE-2025-38126 [MEDIUM] CWE-369 CVE-2025-38126: In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It w

CVE-2025-38122 [MEDIUM] CWE-476 CVE-2025-38122: In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereferenc

CVE-2025-38145 [MEDIUM] CWE-476 CVE-2025-38145: In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent thi

CVE-2025-38147 [MEDIUM] CWE-476 CVE-2025-38147: In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso fun In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pine