Debian Linux vulnerabilities

CVE-2025-23147 [MEDIUM] CWE-476 CVE-2025-23147: In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls `i3c_master_queue_ibi()` to queue an IBI work task, leading to "Unable to handle kernel read from unread

CVE-2025-37757 [MEDIUM] CWE-401 CVE-2025-37757: In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_l In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to memory leak and failure when a skb is allocated. This commit fixes this issue b

CVE-2025-23144 [MEDIUM] CVE-2025-23144: In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_acc In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [

CVE-2025-37740 [MEDIUM] CWE-369 CVE-2025-37740: In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwid In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG. To avoid this issue, add a check for agwidth in dbAllocAG.

CVE-2025-37790 [MEDIUM] CVE-2025-37790: In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE B In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup.

CVE-2025-37788 [MEDIUM] CWE-401 CVE-2025-37788: In the Linux kernel, the following vulnerability has been resolved: cxgb4: fix memory leak in cxgb4 In the Linux kernel, the following vulnerability has been resolved: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path In the for loop used to allocate the loc_array and bmap for each port, a memory leak is possible when the allocation for loc_array succeeds, but the allocation for bmap fails. This is because when the control flow g

CVE-2025-23150 [MEDIUM] CWE-193 CVE-2025-23150: In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in d In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 Write of size 2

CVE-2025-37767 [MEDIUM] CWE-369 CVE-2025-37767: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2025-37765 [MEDIUM] CWE-416 CVE-2025-37765: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_ In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kw

CVE-2025-37741 [MEDIUM] CWE-667 CVE-2025-37741: In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink w In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. [1] When calling "ioctl$LOOP_SET_STATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the mapping of the mounted loop device to be invalidat

CVE-2025-37748 [MEDIUM] CWE-476 CVE-2025-37748: In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointe In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when

CVE-2025-37742 [MEDIUM] CWE-908 CVE-2025-37742: In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x

CVE-2025-37772 [MEDIUM] CWE-476 CVE-2025-37772: In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix workqueue crash i In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix workqueue crash in cma_netevent_work_handler struct rdma_cm_id has member "struct work_struct net_work" that is reused for enqueuing cma_netevent_work_handler()s onto cma_wq. Below crash[1] can occur if more than one call to cma_netevent_callback() occurs in quick s

CVE-2025-37781 [MEDIUM] CWE-476 CVE-2025-37781: In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer prob In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by unbinding the controller driver and then loading i2c-cr

CVE-2025-37792 [MEDIUM] CWE-476 CVE-2025-37792: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent poten In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer v

CVE-2025-37775 [MEDIUM] CVE-2025-37775: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __k In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to directory.

CVE-2025-23163 [MEDIUM] CWE-667 CVE-2025-23163: In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flag In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: [ 1.211455] ============================================ [ 1.211571] WARNING: possible recursive locking detected [ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5

CVE-2025-37766 [MEDIUM] CWE-369 CVE-2025-37766: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2025-23151 [MEDIUM] CWE-362 CVE-2025-23151: In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race betwee In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming data during the client driver's tear down. The client driver might also be processing data at the same time, resulting in a call to mhi_queue_buf() wh

CVE-2025-23159 [MEDIUM] CWE-787 CVE-2025-23159: In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases.