Debian Linux vulnerabilities

CVE-2025-38094 [MEDIUM] CWE-667 CVE-2025-38094: In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possi In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never exit that loop and have a deadlock. That deadlock

CVE-2025-38095 [MEDIUM] CWE-476 CVE-2025-38095: In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered.

CVE-2025-38165 [MEDIUM] CWE-401 CVE-2025-38165: In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when ca In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' [ 657.460555] kernel BUG at net/core/skbuff.c:2178! [ 657.462680] Tain

CVE-2025-38173 [MEDIUM] CVE-2025-38173: In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle z In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0.

CVE-2025-38112 [MEDIUM] CWE-367 CVE-2025-38112: In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_ In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored and sk->sk_prot->sock_is_readable

CVE-2025-38120 [MEDIUM] CVE-2025-38120: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and did only fix up the generic C implementation. A followup

CVE-2025-38142 [MEDIUM] CWE-476 CVE-2025-38142: In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined

CVE-2025-38160 [MEDIUM] CWE-476 CVE-2025-38160: In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check i In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to preven

CVE-2025-38119 [MEDIUM] CVE-2025-38119: In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY

CVE-2025-38148 [MEDIUM] CWE-401 CVE-2025-38148: In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case t

CVE-2025-38100 [MEDIUM] CWE-476 CVE-2025-38100: In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP in In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), whic

CVE-2025-38088 [HIGH] CWE-125 CVE-2025-38088: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix o In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the allocated region size.

CVE-2025-32463 [HIGH] CWE-829 CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-38090 [MEDIUM] CVE-2025-38090: In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: preve In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data but riocm_ch_send() failed to check that userspace sent sufficient data. The result

CVE-2025-38085 [MEDIUM] CWE-362 CVE-2025-38085: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshar In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be install

CVE-2025-38084 [MEDIUM] CVE-2025-38084: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process a

CVE-2025-38086 [MEDIUM] CWE-908 CVE-2025-38086: In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditiona

CVE-2014-7210 [CRITICAL] CWE-276 CVE-2014-7210: pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. I pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.

CVE-2025-38083 [MEDIUM] CWE-362 CVE-2025-38083: In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]

CVE-2025-38051 [HIGH] CWE-416 CVE-2025-38051: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cif