Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

Page 29 of 496
CVE-2025-37858 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37858 [MEDIUM] CWE-190: In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation. The JFS filesystem calculates allocation group (AG) size using 1 2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing. On 32-bit architectures: - Left-shifting 1 by
nvd
CVE-2025-37875 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37875 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic. Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The issue can be reproduced with the following: $ sudo phc2sys -
nvd
CVE-2025-37865 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37865 [MEDIUM] CWE-908: In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported. Russell King reports that on the ZII dev rev B, deleting a bridge VLAN from a user port fails with -ENOENT: https://lore.kernel.org/netdev/[email protected]/ This comes from mv88e6xxx
nvd
CVE-2025-37859 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37859 [MEDIUM] CWE-835: In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker. We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the infl
nvd
CVE-2025-37844 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37844 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call. cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE.
nvd
CVE-2025-37884 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37884 [MEDIUM] CWE-667: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls
nvd
CVE-2025-37852 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37852 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create(). Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2
nvd
CVE-2025-37867 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37867 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc() warning. syzkaller triggered an oversized kvmalloc() warning. Silence it by adding __GFP_NOWARN. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665 __kvmalloc_node_noprof+0x175/0x180 CPU: 7 UID: 0 PID: 518 Comm: c_repro Not tainted 6.11.0-rc6+
nvd
CVE-2025-37881 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37881 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev(). The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null poin
nvd
CVE-2025-37889 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37889 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value. This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the platform_max could be interpreted; the maximum register value,
nvd
CVE-2025-37836 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37836 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge(). If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. [bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org
nvd
CVE-2025-37850 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37850 [MEDIUM] CWE-369: In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config(). With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm])); due to the fact that the !CONFIG_HAVE_CLK ve
nvd
CVE-2025-37871 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37871 [MEDIUM]: In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall. A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp-
nvd
CVE-2025-37841 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37841 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure. If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference.
nvd
CVE-2025-37857 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37857 [MEDIUM] CWE-190: In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup(). Change the array size to follow parms size instead of a fixed value.
nvd
CVE-2025-37851 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37851 [MEDIUM] CWE-674: In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check. Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's n
nvd
CVE-2025-37883 | MEDIUM | CVSS 5.5 | v11.0 | 2025-05-09
CVE-2025-37883 [MEDIUM] CWE-476: In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page(). Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job.
nvd
CVE-2025-37819 | HIGH | CVSS 7.8 | v11.0 | 2025-05-08
CVE-2025-37819 [HIGH] CWE-416: In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode(). With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, ca
nvd
CVE-2025-37823 | HIGH | CVSS 7.8 | v11.0 | 2025-05-08
CVE-2025-37823 [HIGH] CWE-416: In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too. Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer.
nvd
CVE-2025-37810 | HIGH | CVSS 7.8 | v11.0 | 2025-05-08
CVE-2025-37810 [HIGH] CWE-787: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length. The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length,
nvd