Debian Linux-6.1 vulnerabilities

CVE-2025-37765 [MEDIUM] CVE-2025-37765: linux - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau... In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tain

CVE-2025-37990 [MEDIUM] CVE-2025-37990: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: brcm8... In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerou

CVE-2025-38601 [MEDIUM] CVE-2025-38601: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath11... In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath11k_hal_dump_srng_stats() call Last interrupt received for each group: ath11k_pci 0000:01:00

CVE-2025-38191 [MEDIUM] CVE-2025-38191: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ... In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in destroy_previous_session If client set ->PreviousSessionId on kerberos session setup stage, NULL pointer dereference error will happen. Since sess->user is not set yet, It can pass the user argument as NULL to destroy_previous_session. sess->user will be set in

CVE-2025-37998 [MEDIUM] CVE-2025-37998: linux - In the Linux kernel, the following vulnerability has been resolved: openvswitch... In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. Scope: local bookworm: resolved (fixed in 6.1.139-1) bullseye: re

CVE-2025-38424 [MEDIUM] CVE-2025-38424: linux - In the Linux kernel, the following vulnerability has been resolved: perf: Fix s... In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e. while te

CVE-2025-37844 [MEDIUM] CVE-2025-37844: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: avoid... In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Scope: local bookworm: resolved (fixed in 6.1.135-1) bullseye: resolved (

CVE-2025-38725 [MEDIUM] CVE-2025-38725: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: a... In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy device will bind to net phy d

CVE-2025-21689 [MEDIUM] CVE-2025-21689: linux - In the Linux kernel, the following vulnerability has been resolved: USB: serial... In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport);

CVE-2025-22018 [MEDIUM] CVE-2025-22018: linux - In the Linux kernel, the following vulnerability has been resolved: atm: Fix NU... In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and ho

CVE-2025-21936 [MEDIUM] CVE-2025-21936: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: resolved forky: resolved (fixed in 6.12.19-1) sid: re

CVE-2025-38152 [MEDIUM] CVE-2025-38152: linux - In the Linux kernel, the following vulnerability has been resolved: remoteproc:... In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,

CVE-2025-38126 [MEDIUM] CVE-2025-38126: linux - In the Linux kernel, the following vulnerability has been resolved: net: stmmac... In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually prop

CVE-2025-38694 [MEDIUM] CVE-2025-38694: linux - In the Linux kernel, the following vulnerability has been resolved: media: dvb-... In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen.

CVE-2025-39938 [MEDIUM] CVE-2025-39938: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom:... In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the graph is closed and "dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink graph continues though

CVE-2025-38387 [MEDIUM] CVE-2025-38387: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0

CVE-2025-38420 [MEDIUM] CVE-2025-38420: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: carl9... In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is n

CVE-2025-37883 [MEDIUM] CVE-2025-37883: linux - In the Linux kernel, the following vulnerability has been resolved: s390/sclp: ... In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. Scope: local bookworm: resolved (fixed

CVE-2025-38386 [MEDIUM] CVE-2025-38386: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Ref... In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free. Since this a result of a clear AML issue that argu

CVE-2025-38540 [MEDIUM] CVE-2025-38540: linux - In the Linux kernel, the following vulnerability has been resolved: HID: quirks... In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries t