Debian Linux vulnerabilities

CVE-2025-37738 [HIGH] CWE-416 CVE-2025-37738: In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end O In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: BUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90 Read of size 4 at addr ffff88801

CVE-2025-37789 [HIGH] CVE-2025-37789: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested ke In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

CVE-2025-23142 [HIGH] CWE-416 CVE-2025-23142: In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent refere In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all

CVE-2025-37739 [HIGH] CWE-125 CVE-2025-37739: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bound In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() syzbot reports an UBSAN issue as below: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/f2fs/node.h:381:10 index 18446744073709550692 is out of range for type '__le32[5]' (aka 'unsig

CVE-2025-23157 [HIGH] CWE-125 CVE-2025-23157: In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add c In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB acc

CVE-2025-23160 [MEDIUM] CWE-401 CVE-2025-23160: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firm

CVE-2025-23145 [MEDIUM] CWE-476 CVE-2025-23145: In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_ In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflo

CVE-2025-37771 [MEDIUM] CWE-369 CVE-2025-37771: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2025-37770 [MEDIUM] CWE-369 CVE-2025-37770: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2025-37756 [MEDIUM] CVE-2025-37756: In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow d In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago. Supporting disconnect is really hard, for one thing if offload

CVE-2025-23148 [MEDIUM] CWE-476 CVE-2025-23148: In the Linux kernel, the following vulnerability has been resolved: soc: samsung: exynos-chipid: Ad In the Linux kernel, the following vulnerability has been resolved: soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() soc_dev_attr->revision could be NULL, thus, a pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereferen

CVE-2025-23146 [MEDIUM] CWE-476 CVE-2025-23146: In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fix a potentia In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fix a potential NULL pointer dereference The off_gpios could be NULL. Add missing check in the kb3930_probe(). This is similar to the issue fixed in commit b1ba8bcb2d1f ("backlight: hx8357: Fix potential NULL pointer dereference"). This was detected by our static

CVE-2025-23141 [MEDIUM] CVE-2025-23141: In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_G In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the

CVE-2025-37769 [MEDIUM] CWE-369 CVE-2025-37769: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent divis In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. (cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71)

CVE-2025-23143 [MEDIUM] CWE-476 CVE-2025-23143: In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro [0] and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1] Reproduction Steps: 1) Mount CIFS 2) Add an iptables rule to drop incom

CVE-2025-23161 [MEDIUM] CWE-667 CVE-2025-23161: In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_loc In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpo

CVE-2025-37773 [MEDIUM] CVE-2025-37773: In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem contex In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be added.

CVE-2025-37758 [MEDIUM] CWE-476 CVE-2025-37758: In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NU In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue.

CVE-2025-23140 [MEDIUM] CVE-2025-23140: In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Avoid In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), the pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released. However, some requested IRQs rem

CVE-2025-37768 [MEDIUM] CWE-369 CVE-2025-37768: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.