Debian Linux-6.1 vulnerabilities

CVE-2025-38691 [MEDIUM] CVE-2025-38691: linux - In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix u... In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page array is initialized only after the retry loop. But ext_tree_free_co

CVE-2025-38678 [MEDIUM] CVE-2025-38678: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving unregistered the hook of the duplicated device. Check if a duplicated device

CVE-2025-71147 [MEDIUM] CVE-2025-71147: linux - In the Linux kernel, the following vulnerability has been resolved: KEYS: trust... In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. Scope: local bookworm: resolved (fixed in 6.1.162-1) bullseye: resolved

CVE-2025-21814 [MEDIUM] CVE-2025-21814: linux - In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure... In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no bet

CVE-2025-38451 [MEDIUM] CVE-2025-38451: linux - In the Linux kernel, the following vulnerability has been resolved: md/md-bitma... In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitm

CVE-2025-38163 [MEDIUM] CVE-2025-38163: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t... In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/f

CVE-2025-21839 [MEDIUM] CVE-2025-21839: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: L... In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn

CVE-2025-38623 [MEDIUM] CVE-2025-38623: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_ph... In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a devic

CVE-2025-21992 [MEDIUM] CVE-2025-21992: linux - In the Linux kernel, the following vulnerability has been resolved: HID: ignore... In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-s

CVE-2025-71108 [MEDIUM] CVE-2025-71108: linux - In the Linux kernel, the following vulnerability has been resolved: usb: typec:... In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it can lead to a system not booting. Flag that the FW is not behaving co

CVE-2025-38503 [MEDIUM] CVE-2025-38503: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ... In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ----

CVE-2025-40040 [MEDIUM] CVE-2025-40040: linux - In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix... In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU:

CVE-2025-71077 [MEDIUM] CVE-2025-71077: linux - In the Linux kernel, the following vulnerability has been resolved: tpm: Cap th... In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2_get_pcr_allocation() does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm. Scope: local bookworm: resolved (fixed in 6.1.162-1) bullseye: resolved (fix

CVE-2025-37818 [MEDIUM] CVE-2025-37818: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ... In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value (the address of in

CVE-2025-21697 [MEDIUM] CVE-2025-21697: linux - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: En... In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL af

CVE-2025-22010 [MEDIUM] CVE-2025-22010: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: F... In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27

CVE-2025-21931 [MEDIUM] CVE-2025-21931: linux - In the Linux kernel, the following vulnerability has been resolved: hwpoison, m... In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for

CVE-2025-21898 [MEDIUM] CVE-2025-21898: linux - In the Linux kernel, the following vulnerability has been resolved: ftrace: Avo... In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will l

CVE-2025-37972 [MEDIUM] CVE-2025-37972: linux - In the Linux kernel, the following vulnerability has been resolved: Input: mtk-... In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the cod

CVE-2025-68365 [MEDIUM] CVE-2025-68365: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: I... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __getname(), which is a wrapper for kmem_cache_alloc(). This memory is used before being properl