Debian Linux vulnerabilities

CVE-2025-38079 [HIGH] CWE-415 CVE-2025-38079: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

CVE-2025-38043 [MEDIUM] CVE-2025-38043: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124

CVE-2025-38058 [MEDIUM] CWE-667 CVE-2025-38058: In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for M In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't s

CVE-2025-38048 [MEDIUM] CWE-362 CVE-2025-38048: In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by t In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xfff

CVE-2025-38009 [MEDIUM] CVE-2025-38009: In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on dri In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del

CVE-2025-38061 [MEDIUM] CVE-2025-38061: In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer).

CVE-2025-38065 [MEDIUM] CVE-2025-38065: In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems.

CVE-2025-38031 [MEDIUM] CVE-2025-38031: In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is ne

CVE-2025-38066 [MEDIUM] CWE-617 CVE-2025-38066: In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blo In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves a partially initialized policy object. Repeating the resume operation risks triggering BUG_ON when reloading ca

CVE-2025-38075 [MEDIUM] CWE-476 CVE-2025-38075: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeou In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG:

CVE-2025-38015 [MEDIUM] CWE-401 CVE-2025-38015: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory lea In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error.

CVE-2025-38020 [MEDIUM] CWE-476 CVE-2025-38020: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Disable MACsec offlo In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Disable MACsec offload for uplink representor profile MACsec offload is not supported in switchdev mode for uplink representors. When switching to the uplink representor profile, the MACsec offload feature must be cleared from the netdevice's features. If left enabled,

CVE-2025-38037 [MEDIUM] CVE-2025-38037: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [

CVE-2025-38040 [MEDIUM] CVE-2025-38040: In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disab In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name

CVE-2025-38005 [MEDIUM] CVE-2025-38005: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add mis In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker

CVE-2025-38078 [MEDIUM] CWE-362 CVE-2025-38078: In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer a In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF beca

CVE-2025-38035 [MEDIUM] CWE-476 CVE-2025-38035: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null s In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if the TCP connection isn't established when nvmet_tcp_set_queue_sock() is called then queue->state_change isn't set and sock->sk->sk_state_change isn't replaced. A

CVE-2025-38062 [MEDIUM] CVE-2025-38062: In the Linux kernel, the following vulnerability has been resolved: genirq/msi: Store the IOMMU IOV In the Linux kernel, the following vulnerability has been resolved: genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie The IOMMU translation for MSI message addresses has been a 2-step process, separated in time: 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address is stored in the MSI descriptor when an MSI

CVE-2025-38023 [MEDIUM] CWE-476 CVE-2025-38023: In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_ In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context in nfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat an nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM) as valid

CVE-2025-38007 [MEDIUM] CWE-476 CVE-2025-38007: In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent