Debian Linux vulnerabilities
9,936 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,936
CISA KEV: 121 (actively exploited)
Public exploits: 431
Exploited in wild: 132
Severity breakdown: CRITICAL 1129, HIGH 4133, MEDIUM 4311, LOW 363
Vulnerabilities
Page 24 of 497
CVE-2025-38027 | HIGH | CVSS 7.1 | v11.0 | 2025-06-18 | CWE-125
In the Linux kernel, the following vulnerability has been resolved:
regulator: max20086: fix invalid memory access
max20086_parse_regulators_dt() calls of_regulator_match() using an
array of struct of_regulator_match allocated on the stack for the
matches argument.
of_regulator_match() calls devm_of_regulator_put_matches(), which calls
devres_alloc(
nvd
CVE-2025-38024 | HIGH | CVSS 7.8 | v11.0 | 2025-06-18 | CWE-416
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xcf/0x610 mm/kasan/report.c:489
kasan_report+0xb
nvd
CVE-2025-38052 | HIGH | CVSS 7.8 | v11.0 | 2025-06-18 | CWE-416
In the Linux kernel, the following vulnerability has been resolved:
net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
Syzbot reported a slab-use-after-free with the following call trace:
BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840
Read of size 8 at addr ffff88807a733000 by task kworker/1
nvd
CVE-2025-38077 | HIGH | CVSS 7.8 | v11.0 | 2025-06-18 | CWE-787
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
If the 'buf' array received from the user contains an empty string, the
'length' variable will be zero. Accessing the 'buf' array element with
index 'length - 1' will result in a buffer overflow.
Add a c
nvd
CVE-2025-38068 | HIGH | CVSS 7.8 | v11.0 | 2025-06-18 | CWE-787
In the Linux kernel, the following vulnerability has been resolved:
crypto: lzo - Fix compression buffer overrun
Unlike the decompression code, the compression code in LZO never
checked for output overruns. It instead assumes that the caller
always provides enough buffer space, disregarding the buffer length
provided by the caller.
Add a safe compre
nvd
CVE-2025-38079 | HIGH | CVSS 7.8 | v11.0 | 2025-06-18 | CWE-415
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_hash - fix double free in hash_accept
If accept(2) is called on socket type algif_hash with
MSG_MORE flag set and crypto_ahash_import fails,
sk2 is freed. However, it is also freed in af_alg_release,
leading to slab-use-after-free error.
nvd
CVE-2025-38043 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Set dma_mask for ffa devices
Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer
leads to the following warning:
WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124
nvd
CVE-2025-38058 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18 | CWE-667
In the Linux kernel, the following vulnerability has been resolved:
__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
... or we risk stealing final mntput from sync umount - raising mnt_count
after umount(2) has verified that victim is not busy, but before it
has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't se
nvd
CVE-2025-38048 | MEDIUM | CVSS 4.7 | v11.0 | 2025-06-18 | CWE-362
In the Linux kernel, the following vulnerability has been resolved:
virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
syzbot reports a data-race when accessing the event_triggered, here is the
simplified stack when the issue occurred:
BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed
write to 0xffff
nvd
CVE-2025-38009 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: disable napi on driver removal
A warning on driver removal started occurring after commit 9dd05df8403b
("net: warn if NAPI instance wasn't shut down"). Disable tx napi before
deleting it in mt76_dma_cleanup().
WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_
nvd
CVE-2025-38061 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
Honour the user given buffer size for the strn_len() calls (otherwise
strn_len() will access memory outside of the user given buffer).
nvd
CVE-2025-38065 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
orangefs: Do not truncate file size
'len' is used to store the result of i_size_read(), so making 'len'
a size_t results in truncation to 4GiB on 32-bit systems.
nvd
CVE-2025-38031 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
padata: do not leak refcount in reorder_work
A recent patch that addressed a UAF introduced a reference count leak:
the parallel_data refcount is incremented unconditionally, regardless
of the return value of queue_work(). If the work item is already queued,
the incremented refcount is nev
nvd
CVE-2025-38066 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18 | CWE-617
In the Linux kernel, the following vulnerability has been resolved:
dm cache: prevent BUG_ON by blocking retries on failed device resumes
A cache device failing to resume due to mapping errors should not be
retried, as the failure leaves a partially initialized policy object.
Repeating the resume operation risks triggering BUG_ON when reloading
cac
nvd
CVE-2025-38075 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18 | CWE-476
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix timeout on deleted connection
NOPIN response timer may expire on a deleted connection and crash with
such logs:
Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d
BUG:
nvd
CVE-2025-38015 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18 | CWE-401
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
Memory allocated for idxd is not freed if an error occurs during
idxd_alloc(). To fix it, free the allocated memory in the reverse order
of allocation before exiting the function in case of an error.
nvd
CVE-2025-38020 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18 | CWE-476
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Disable MACsec offload for uplink representor profile
MACsec offload is not supported in switchdev mode for uplink
representors. When switching to the uplink representor profile, the
MACsec offload feature must be cleared from the netdevice's features.
If left enabled,
nvd
CVE-2025-38037 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Annotate FDB data races
The 'used' and 'updated' fields in the FDB entry structure can be
accessed concurrently by multiple threads, leading to reports such as
[1]. Can be reproduced using [2].
Suppress these reports by annotating these accesses using
READ_ONCE() / WRITE_ONCE().
[1
nvd
CVE-2025-38040 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
The following splat has been observed on a SAMA5D27 platform using
atmel_serial:
BUG: sleeping function called from invalid context at kernel/irq/manage.c:738
in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name:
nvd
CVE-2025-38005 | MEDIUM | CVSS 5.5 | v11.0 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma: Add missing locking
Recent kernels complain about a missing lock in k3-udma.c when the lock
validator is enabled:
[ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238
[ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/
nvd