Debian Linux-6.1 vulnerabilities

CVE-2025-37850 [MEDIUM] CVE-2025-37850: linux - In the Linux kernel, the following vulnerability has been resolved: pwm: mediat... In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm])); due to the fact that the !CONFIG_HAVE_CLK version of clk_get_rate

CVE-2025-38160 [MEDIUM] CVE-2025-38160: linux - In the Linux kernel, the following vulnerability has been resolved: clk: bcm: r... In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. Scope:

CVE-2025-38609 [MEDIUM] CVE-2025-38609: linux - In the Linux kernel, the following vulnerability has been resolved: PM / devfre... In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But devfreq->governor may be NULL and directly using devfreq->governor->name may cause null p

CVE-2025-71118 [MEDIUM] CVE-2025-71118: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avo... In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed on Honor Magicbook 14 Pro [1].

CVE-2025-22005 [MEDIUM] CVE-2025-22005: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix m... In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but

CVE-2025-38510 [MEDIUM] CVE-2025-38510: linux - In the Linux kernel, the following vulnerability has been resolved: kasan: remo... In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock)

CVE-2025-38293 [MEDIUM] CVE-2025-38293: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath11... In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the l

CVE-2025-71097 [MEDIUM] CVE-2025-71097: linux - In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix r... In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to flush all the routes that are using the dead nexthop. The current logic in fib_table_flush() is to only flush error routes (e.g.,

CVE-2025-21790 [MEDIUM] CVE-2025-21790: linux - In the Linux kernel, the following vulnerability has been resolved: vxlan: chec... In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens later, spotted by syzbot. Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in

CVE-2025-21821 [MEDIUM] CVE-2025-21821: linux - In the Linux kernel, the following vulnerability has been resolved: fbdev: omap... In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 8

CVE-2025-21938 [MEDIUM] CVE-2025-21938: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix ... In the Linux kernel, the following vulnerability has been resolved: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr If multiple connection requests attempt to create an implicit mptcp endpoint in parallel, more than one caller may end up in mptcp_pm_nl_append_new_local_addr because none found the address in local_addr_list during their call

CVE-2025-37859 [MEDIUM] CVE-2025-37859: linux - In the Linux kernel, the following vulnerability has been resolved: page_pool: ... In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and warning us in page_pool_inflight()[1]. Since the inflight value goes neg

CVE-2025-21877 [MEDIUM] CVE-2025-21877: linux - In the Linux kernel, the following vulnerability has been resolved: usbnet: gl6... In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind() Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsistencies between expected and actually present endpoints in gl620a driver. Since genelink_bind() does not properly verify whether specified eps are in fact provided by the de

CVE-2025-38100 [MEDIUM] CVE-2025-38100: linux - In the Linux kernel, the following vulnerability has been resolved: x86/iopl: C... In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up in

CVE-2025-71191 [MEDIUM] CVE-2025-71191: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ... In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 3832b78b3ec2 ("dmaengine: at_hdmac: add missing put_device() call in at_dma_xlate()") fixed th

CVE-2025-37951 [MEDIUM] CVE-2025-37951: linux - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ad... In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. Howev

CVE-2025-38468 [MEDIUM] CVE-2025-38468: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo parent 1: classid 1:1 htb rate 64bit tc qdisc add dev lo parent 1:1 h

CVE-2025-21848 [MEDIUM] CVE-2025-21848: linux - In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: A... In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: resolved (fixed in 5.10.237-1) forky: resolved (fixed in 6.12.17-1)

CVE-2025-38562 [MEDIUM] CVE-2025-38562: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ... In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch skip generate encryp

CVE-2025-71096 [MEDIUM] CVE-2025-71096: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call nla_parse_deprecated() to fill the nlattrs array and then direct