Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 395
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
Page 9 of 496
CVE-2025-38695 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the
resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may
occur before sli4_hba.hdwqs are allocated. This may result in a
nvd
CVE-2025-38696 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Not all tasks have an ABI associated or vDSO mapped,
for example kthreads never do.
If such a task ever ends up calling stack_top(), it will dereference the
NULL ABI pointer and crash.
This can for example happen when u
nvd
CVE-2025-38723 [MEDIUM] CVSS 5.5 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Fix jump offset calculation in tailcall
The extra pass of bpf_int_jit_compile() skips JIT context initialization
which essentially skips offset calculation leaving out_offset = -1, so
the jmp_offset in emit_bpf_tail_call is calculated by
"#define jmp_offset (out_offset -
nvd
CVE-2025-38721 [MEDIUM] CVSS 5.5 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix refcount leak on table dump
There is a reference count leak in ctnetlink_dump_table():
if (res ct_general); // HERE
cb->args[1] = (unsigned long)ct;
...
While it's very unlikely, it's possible that ct == last.
If this happens, then the refcount of ct was already i
nvd
CVE-2025-38712 [MEDIUM] CVSS 5.5 | CWE-617 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
When the volume header contains erroneous values that do not reflect
the actual state of the filesystem, hfsplus_fill_super() assumes that
the attributes file is not yet created, which later results in hitting
BUG_ON()
nvd
CVE-2025-38681 [MEDIUM] CVSS 4.7 | CWE-362 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Memory hot remove unmaps and tears down various kernel page table regions
as required. The ptdump code can race with concurrent modifications of
the kernel page tables. When leaf entries are modified concurrently, th
nvd
CVE-2025-38700 [MEDIUM] CVSS 5.5 | CWE-476 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
In case of an ib_fast_reg_mr allocation failure during iSER setup, the
machine hits a panic because iscsi_conn->dd_data is initialized
unconditionally, even when no memory is allocated (dd_size == 0). This
nvd
CVE-2025-38727 [MEDIUM] CVSS 5.5 | CWE-835 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
netlink: avoid infinite retry looping in netlink_unicast()
netlink_attachskb() checks for the socket's read memory allocation
constraints. Firstly, it has:
rmem sk_rcvbuf)
to check if the just increased rmem value fits into the socket's receive
buffer. If not, it proceeds and tr
nvd
CVE-2025-38701 [MEDIUM] CVSS 5.5 | CWE-617 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()
when an inode had the INLINE_DATA_FL flag set but was missing the
system.data extended attribute.
Since this can happen due to a maliciously fuzzed fil
nvd
CVE-2025-38687 [MEDIUM] CVSS 4.7 | CWE-362 | v11.0 | 2025-09-04
In the Linux kernel, the following vulnerability has been resolved:
comedi: fix race between polling and detaching
syzbot reports a use-after-free in comedi in the below link, which is
due to comedi gladly removing the allocated async area even though poll
requests are still active on the wait_queue_head inside of it. This can
cause a use-after-fr
nvd
CVE-2025-38677 [HIGH] CVSS 7.1 | CWE-125 | v11.0 | 2025-08-30
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid out-of-boundary access in dnode page
As Jiaming Zhang reported:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0x17e/0x800 mm/kasan/report.c:480
kasa
nvd
CVE-2024-58240 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-08-28
In the Linux kernel, the following vulnerability has been resolved:
tls: separate no-async decryption request handling from async
If we're not doing async, the handling is much simpler. There's no
reference counting, we just need to wait for the completion to wake us
up and return its result.
We should preferably also use a separate crypto_wait. I'
nvd
CVE-2025-38676 [HIGH] CVSS 7.8 | CWE-787 | v11.0 | 2025-08-26
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Avoid stack buffer overflow from kernel cmdline
While the kernel command line is considered trusted in most environments,
avoid writing 1 byte past the end of "acpiid" if the "str" argument is
maximum length.
nvd
CVE-2025-38618 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
vsock: Do not allow binding to VMADDR_PORT_ANY
It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can
cause a use-after-free when a connection is made to the bound socket.
The socket returned by accept() also has port VMADDR_PORT_ANY but is not
on the list of unbound soc
nvd
CVE-2025-38652 [HIGH] CVSS 7.1 | CWE-125 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid out-of-boundary access in devs.path
- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- truncate -s $((1024*1024*1024)) \
/mnt/f2fs/012345678901234567890123456789012345678901234567890123
- touch /mnt/f2fs/file
- truncate -s $((1024*1024*1024
nvd
CVE-2025-38670 [HIGH] CVSS 7.1 | CWE-668 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
`cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change
to different stacks along with the Shadow Call Stack if it is enabled.
Those two stack changes cannot be done atomically and both functions
can be inter
nvd
CVE-2025-38666 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
net: appletalk: Fix use-after-free in AARP proxy probe
The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe,
releases the aarp_lock, sleeps, then re-acquires the lock. During that
window an expire timer thread (__aarp_expire_timer) can remove and
kfree() the same en
nvd
CVE-2025-38653 [HIGH] CVSS 7.8 | CWE-416 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()"). Followed by Al Viro's suggestion,
nvd
CVE-2025-38624 [MEDIUM] CVSS 5.5 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
PCI: pnv_php: Clean up allocated IRQs on unplug
When the root of a nested PCIe bridge configuration is unplugged, the
pnv_php driver leaked the allocated IRQ resources for the child bridges'
hotplug event notifications, resulting in a panic.
Fix this by walking all child buses and deallo
nvd
CVE-2025-38617 [MEDIUM] CVSS 4.7 | CWE-362 | v11.0 | 2025-08-22
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier()
When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.
This race and the fix are both similar to that of commit 15fe076edea7
("net/packet: fix a race
nvd