Debian Linux vulnerabilities

CVE-2025-37983 [MEDIUM] CWE-401 CVE-2025-37983: In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak fail In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...

CVE-2025-37951 [MEDIUM] CWE-401 CVE-2025-37951: In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending lis In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance

CVE-2025-37901 [MEDIUM] CVE-2025-37901: In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should not be handled inside the MPM driver. The IRQ domain hierarchy is always applied, so it's required to expl

CVE-2025-37964 [MEDIUM] CVE-2025-37964: In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb() has a bug and suppresses the flush. Fix it by widening the win

CVE-2025-37985 [MEDIUM] CWE-362 CVE-2025-37985: In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wd In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned

CVE-2025-37948 [MEDIUM] CVE-2025-37948: In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF pr

CVE-2025-37967 [MEDIUM] CWE-667 CVE-2025-37967: In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resol

CVE-2025-37912 [MEDIUM] CWE-476 CVE-2025-37912: In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer values"), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it.

CVE-2025-37968 [MEDIUM] CWE-667 CVE-2025-37968: In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlo In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag co

CVE-2025-37989 [MEDIUM] CWE-401 CVE-2025-37989: In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_

CVE-2025-47273 [HIGH] CWE-22 CVE-2025-47273: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code

CVE-2025-37890 [HIGH] CWE-416 CVE-2025-37890: In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vuln In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it

CVE-2025-47287 [HIGH] CWE-770 CVE-2025-47287: Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/fo Tornado is a Python web framework and asynchronous networking library. When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fa

CVE-2025-37885 [HIGH] CWE-416 CVE-2025-37885: In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host co In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI

CVE-2025-37879 [HIGH] CWE-125 CVE-2025-37879: In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling o In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) 3)

CVE-2025-37840 [HIGH] CVE-2025-37840: In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitialized struct nand_operation that checks chip select field : WARN_ON(op->cs >= nanddev_ntargets(&chip->base) [ 14.588522] ------------[ cut here ]------------ [ 14.588529] WARNING: C

CVE-2025-37849 [HIGH] CWE-416 CVE-2025-37849: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on f In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destro

CVE-2025-37839 [HIGH] CVE-2025-37839: In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequen In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON.

CVE-2025-37854 [HIGH] CWE-416 CVE-2025-37854: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset cra In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory before h/w is reset while KFD cleanup worker free syste

CVE-2025-37862 [MEDIUM] CWE-476 CVE-2025-37862: In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer de In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_fi