Debian Linux vulnerabilities

CVE-2025-37937 [MEDIUM] CWE-369 CVE-2025-37937: In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Preven In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o

CVE-2025-37963 [MEDIUM] CVE-2025-37963: In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user.

CVE-2025-37917 [MEDIUM] CVE-2025-37917: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: f In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happen when enabling the DMA interrupts again in rx/tx po

CVE-2025-37932 [MEDIUM] CVE-2025-37932: In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc

CVE-2025-37936 [MEDIUM] CVE-2025-37936: In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PEBS_ENABLE value. Consulting only the host kernel's host vs. guest masks results

CVE-2025-37990 [MEDIUM] CWE-908 CVE-2025-37990: In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add erro In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fa

CVE-2025-37972 [MEDIUM] CWE-476 CVE-2025-37972: In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix poss In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. I

CVE-2025-37929 [MEDIUM] CWE-476 CVE-2025-37929: In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sent In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k'

CVE-2025-37969 [MEDIUM] CWE-667 CVE-2025-37969: In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possi In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.

CVE-2025-37949 [MEDIUM] CWE-476 CVE-2025-37949: In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req l In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x

CVE-2025-37931 [MEDIUM] CVE-2025-37931: In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes.

CVE-2025-37905 [MEDIUM] CWE-401 CVE-2025-37905: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance dev In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the prov

CVE-2025-37961 [MEDIUM] CWE-908 CVE-2025-37961: In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for sadd In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still r

CVE-2025-37938 [MEDIUM] CWE-476 CVE-2025-37938: In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats t In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when

CVE-2025-37940 [MEDIUM] CWE-667 CVE-2025-37940: In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to f In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to al

CVE-2025-37982 [MEDIUM] CWE-401 CVE-2025-37982: In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak i In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.

CVE-2025-37959 [MEDIUM] CVE-2025-37959: In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redire In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another namespace. As one example, this is causing Cilium to dro

CVE-2025-37962 [MEDIUM] CWE-401 CVE-2025-37962: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state() The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info structure. This patch fixes t

CVE-2025-37897 [MEDIUM] CWE-617 CVE-2025-37897: In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used when probe fails or after the device is disconnec

CVE-2025-37970 [MEDIUM] CWE-667 CVE-2025-37970: In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possi In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.