Debian Linux vulnerabilities

CVE-2025-37817 [HIGH] CWE-415 CVE-2025-37817: In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in c In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() f

CVE-2025-37824 [MEDIUM] CWE-476 CVE-2025-37824: In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer derefere In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x

CVE-2025-37818 [MEDIUM] CWE-476 CVE-2025-37818: In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from hug In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value

CVE-2025-37812 [MEDIUM] CWE-667 CVE-2025-37812: In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when u In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for exam

CVE-2025-37811 [MEDIUM] CWE-476 CVE-2025-37811: In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with S

CVE-2025-37820 [MEDIUM] CWE-476 CVE-2025-37820: In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL retur In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may l

CVE-2025-37829 [MEDIUM] CWE-476 CVE-2025-37829: In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-der In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference.

CVE-2025-37830 [MEDIUM] CWE-476 CVE-2025-37830: In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-der In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after

CVE-2025-37808 [MEDIUM] CVE-2025-37808: In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock in In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm.

CVE-2024-47619 [HIGH] CWE-295 CVE-2024-47619: syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certif syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-th

CVE-2025-37798 [HIGH] CVE-2025-37798: In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue().

CVE-2025-37797 [HIGH] CWE-416 CVE-2025-37797: In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vuln In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or code

CVE-2022-21546 [HIGH] CWE-476 CVE-2022-21546: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_writ

CVE-2025-4215 [LOW] CWE-400 CVE-2025-4215: A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as proble A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rath

CVE-2025-37780 [HIGH] CWE-125 CVE-2025-37780: In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too s In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1] The handle_bytes value passed in by the reproducing program is equal to 12. In handle_to_path(), only 12 bytes of memory are allocated for the structure file_handle->f_handl

CVE-2025-23158 [HIGH] CWE-787 CVE-2025-23158: In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_

CVE-2025-23156 [HIGH] CWE-125 CVE-2025-23156: In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refac In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic words_count denotes the number of words in total payload, while data points to payload of various property within it. When words_count reaches last word, data can access memory beyond the total payload. This can lead to OOB

CVE-2025-37749 [HIGH] CWE-125 CVE-2025-37749: In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking fo In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an

CVE-2025-37778 [HIGH] CWE-416 CVE-2025-37778: In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_aut

CVE-2025-37752 [HIGH] CWE-129 CVE-2025-37752: In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the li In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the check at the end of the configuration update process to also catch scenari