cbcvebase.

Debian Linux vulnerabilities

9,936 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,936
CISA KEV: 121 (actively exploited)
Public exploits: 431
Exploited in wild: 132
Severity breakdown: CRITICAL 1129, HIGH 4133, MEDIUM 4311, LOW 363

Vulnerabilities

Page 26 of 497
CVE-2024-52035 | HIGH | CVSS 7.8 | v11.0 | 2025-06-02
CVE-2024-52035 [HIGH] CWE-190: An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2025-4598 | MEDIUM | CVSS 4.7 | v11.0, v12.0 | 2025-05-30
CVE-2025-4598 [MEDIUM] CWE-364: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o
nvd
CVE-2025-37998 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-29
CVE-2025-37998 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.
nvd
CVE-2025-37994 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-29
CVE-2025-37994 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal.
nvd
CVE-2025-37995 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-29
CVE-2025-37995 [MEDIUM] CWE-824: In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_
nvd
CVE-2025-37997 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-29
CVE-2025-37997 [MEDIUM] CWE-667: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_regio
nvd
CVE-2025-37992 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-26
CVE-2025-37992 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->li
nvd
CVE-2025-3887 | HIGH | CVSS 8.8 | v11.0 | 2025-05-22
CVE-2025-3887 [HIGH] CWE-121: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw
nvd
CVE-2025-37903 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37903 [HIGH] CWE-416: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are free
nvd
CVE-2025-37892 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37892 [HIGH]: In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_rea
nvd
CVE-2025-37921 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37921 [HIGH]: In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion of default FDB entry When a VNI is deleted from a VXLAN device in 'vnifilter' mode, the FDB entry associated with the default remote (assuming one was configured) is deleted without holding the hash lock. This is wrong and will result in a warning [1] b
nvd
CVE-2025-37979 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37979 [HIGH] CWE-787: In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). R
nvd
CVE-2025-37928 | HIGH | CVSS 7.8 | PoC | v11.0 | 2025-05-20
CVE-2025-37928 [HIGH]: In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disable
nvd
CVE-2025-37991 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37991 [HIGH] CWE-415: In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a
nvd
CVE-2025-37913 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37913 [HIGH] CWE-415: In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq, there won't be a UAF, but the code will add the same
nvd
CVE-2025-37923 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37923 [HIGH] CWE-787: In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at ad
nvd
CVE-2025-37927 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37927 [HIGH] CWE-787: In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the
nvd
CVE-2025-37914 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37914 [HIGH] CWE-415: In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets, there won't be a UAF, but the code will add the same
nvd
CVE-2025-37924 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37924 [HIGH] CWE-416: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make use of sess->user after it has been passed to ksmbd_
nvd
CVE-2025-37947 | HIGH | CVSS 7.8 | v11.0 | 2025-05-20
CVE-2025-37947 [HIGH] CWE-787: In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating *pos ksmbd_vfs_stream_write() did not validate whether the write offset (*pos) was within the bounds of the existing stream data length (v_len). If *pos was greater than or equal to v_len, this could lead to an out-of-bounds me
nvd