Debian Linux vulnerabilities

CVE-2025-38120 [MEDIUM] CVE-2025-38120: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and did only fix up the generic C implementation. A followup

CVE-2025-38142 [MEDIUM] CWE-476 CVE-2025-38142: In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined

CVE-2025-38160 [MEDIUM] CWE-476 CVE-2025-38160: In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check i In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to preven

CVE-2025-38119 [MEDIUM] CVE-2025-38119: In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY

CVE-2025-38148 [MEDIUM] CWE-401 CVE-2025-38148: In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case t

CVE-2025-38100 [MEDIUM] CWE-476 CVE-2025-38100: In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP in In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), whic

CVE-2025-38088 [HIGH] CWE-125 CVE-2025-38088: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix o In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the allocated region size.

CVE-2025-32463 [HIGH] CWE-829 CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-38090 [MEDIUM] CVE-2025-38090: In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: preve In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much data but riocm_ch_send() failed to check that userspace sent sufficient data. The result

CVE-2025-38085 [MEDIUM] CWE-362 CVE-2025-38085: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshar In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be install

CVE-2025-38084 [MEDIUM] CVE-2025-38084: In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process a

CVE-2025-38086 [MEDIUM] CWE-908 CVE-2025-38086: In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditiona

CVE-2014-7210 [CRITICAL] CWE-276 CVE-2014-7210: pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. I pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.

CVE-2025-38083 [MEDIUM] CWE-362 CVE-2025-38083: In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]

CVE-2025-38051 [HIGH] CWE-416 CVE-2025-38051: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cif

CVE-2025-38027 [HIGH] CWE-125 CVE-2025-38027: In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invali In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc

CVE-2025-38024 [HIGH] CWE-416 CVE-2025-38024: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-fr In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xcf/0x610 mm/kasan/report.c:489 kasan_report+0x

CVE-2025-38052 [HIGH] CWE-416 CVE-2025-38052: In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-fr In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Read of size 8 at addr ffff88807a733000 by task kworker/

CVE-2025-38077 [HIGH] CWE-787 CVE-2025-38077: In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow. Add a

CVE-2025-38068 [HIGH] CWE-787 CVE-2025-38068: In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression b In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compr