Debian Linux vulnerabilities

CVE-2025-37930 [MEDIUM] CWE-617 CVE-2025-37930: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nou In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (ra

CVE-2025-37911 [MEDIUM] CWE-125 CVE-2025-37911: In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcp In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! !

CVE-2025-37909 [MEDIUM] CWE-401 CVE-2025-37909: In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fix memleak issue when GSO enabled Always map the `skb` to the LS descriptor. Previously skb was mapped to EXT descriptor when the number of fragments is zero with GSO enabled. Mapping the skb to EXT descriptor prevents it from being freed, leading to a memory leak

CVE-2025-37953 [MEDIUM] CWE-476 CVE-2025-37953: In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_b

CVE-2025-37958 [MEDIUM] CWE-476 CVE-2025-37958: In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferenci In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PM

CVE-2025-37937 [MEDIUM] CWE-369 CVE-2025-37937: In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Preven In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o:

CVE-2025-37963 [MEDIUM] CVE-2025-37963: In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user.

CVE-2025-37917 [MEDIUM] CVE-2025-37917: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: f In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happen when enabling the DMA interrupts again in rx/tx pol

CVE-2025-37932 [MEDIUM] CVE-2025-37932: In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_

CVE-2025-37936 [MEDIUM] CVE-2025-37936: In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PEBS_ENABLE value. Consulting only the host kernel's host vs. guest masks results

CVE-2025-37990 [MEDIUM] CWE-908 CVE-2025-37990: In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add erro In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fai

CVE-2025-37972 [MEDIUM] CWE-476 CVE-2025-37972: In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix poss In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In

CVE-2025-37929 [MEDIUM] CWE-476 CVE-2025-37929: In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sent In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k' v

CVE-2025-37969 [MEDIUM] CWE-667 CVE-2025-37969: In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possi In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty.

CVE-2025-37949 [MEDIUM] CWE-476 CVE-2025-37949: In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req l In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2

CVE-2025-37931 [MEDIUM] CVE-2025-37931: In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. W

CVE-2025-37905 [MEDIUM] CWE-401 CVE-2025-37905: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance dev In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the provi

CVE-2025-37961 [MEDIUM] CWE-908 CVE-2025-37961: In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for sadd In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still re

CVE-2025-37938 [MEDIUM] CWE-476 CVE-2025-37938: In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats t In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If an event references data that was allocated when t

CVE-2025-37940 [MEDIUM] CWE-667 CVE-2025-37940: In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to f In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Add cond_resched() within the loop to all