Debian Linux vulnerabilities

CVE-2025-38693 [MEDIUM] CWE-476 CVE-2025-38693: In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: f In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[

CVE-2025-38684 [MEDIUM] CWE-476 CVE-2025-38684: In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() we purge unused DWRR queues; the value of 'q->nbands' is the new one, a

CVE-2025-38725 [MEDIUM] CWE-476 CVE-2025-38725: In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy device wil

CVE-2025-38711 [MEDIUM] CWE-667 CVE-2025-38711: In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remo

CVE-2025-38683 [MEDIUM] CWE-476 CVE-2025-38683: In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during nam In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved

CVE-2025-38695 [MEDIUM] CWE-476 CVE-2025-38695: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may occur before sli4_hba.hdwqs are allocated. This may result in a

CVE-2025-38696 [MEDIUM] CWE-476 CVE-2025-38696: In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top( In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL ABI pointer and crash. This can for example happen when u

CVE-2025-38723 [MEDIUM] CVE-2025-38723: In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_jit_compile() skips JIT context initialization which essentially skips offset calculation leaving out_offset = -1, so the jmp_offset in emit_bpf_tail_call is calculated by "#define jmp_offset (out_offset -

CVE-2025-38721 [MEDIUM] CVE-2025-38721: In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refco In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res ct_general); // HERE cb->args[1] = (unsigned long)ct; ... While its very unlikely, its possible that ct == last. If this happens, then the refcount of ct was already i

CVE-2025-38712 [MEDIUM] CWE-617 CVE-2025-38712: In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON()

CVE-2025-38681 [MEDIUM] CWE-362 CVE-2025-38681: In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotp In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, th

CVE-2025-38700 [MEDIUM] CWE-476 CVE-2025-38700: In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscs In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This

CVE-2025-38727 [MEDIUM] CWE-835 CVE-2025-38727: In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry l In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem sk_rcvbuf) to check if the just increased rmem value fits into the socket's receive buffer. If not, it proceeds and tr

CVE-2025-38701 [MEDIUM] CWE-617 CVE-2025-38701: In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DA In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed fil

CVE-2025-38687 [MEDIUM] CWE-362 CVE-2025-38687: In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between pollin In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the wait_queue_head inside of it. This can cause a use-after-fr

CVE-2025-38677 [HIGH] CWE-125 CVE-2025-38677: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bound In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x17e/0x800 mm/kasan/report.c:480 kasa

CVE-2024-58240 [HIGH] CWE-416 CVE-2024-58240: In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decrypti In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'

CVE-2025-38676 [HIGH] CWE-787 CVE-2025-38676: In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer o In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.

CVE-2025-38618 [HIGH] CWE-416 CVE-2025-38618: In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound soc

CVE-2025-38652 [HIGH] CWE-125 CVE-2025-38652: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bound In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((1024*1024*1024