Debian Linux-6.1 vulnerabilities

CVE-2025-38166 [MEDIUM] CVE-2025-38166: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: fix kt... In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629! ...... [ 2172.944996] PKRU: 55555554 [ 2172.945155] Call Trace: [ 2172.945299] [ 2172.945428] ? die+0x36/0x90 [ 2172.945601] ? do_trap+0xdd/0x100 [ 2172.945795] ? iov

CVE-2025-38712 [MEDIUM] CVE-2025-38712: linux - In the Linux kernel, the following vulnerability has been resolved: hfsplus: do... In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_crea

CVE-2025-38097 [MEDIUM] CVE-2025-38097: linux - In the Linux kernel, the following vulnerability has been resolved: espintcp: r... In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns Since the encap socket is a userspace socket, it holds a reference on the

CVE-2025-38576 [MEDIUM] CVE-2025-38576: linux - In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh... In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: A second class of oops is also seen when the underlying bus disappears during device recovery. Refac

CVE-2025-21721 [MEDIUM] CVE-2025-21721: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: han... In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed inst

CVE-2025-38177 [MEDIUM] CVE-2025-38177: linux - In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: m... In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-ze

CVE-2025-39681 [MEDIUM] CVE-2025-39681: linux - In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hyg... In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in

CVE-2025-21711 [MEDIUM] CVE-2025-21711: linux - In the Linux kernel, the following vulnerability has been resolved: net/rose: p... In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum and fix these issues by checking the contents of 'opt' and returnin

CVE-2025-38344 [MEDIUM] CVE-2025-38344: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix... In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and found an ACPI cache leak in ACPI early abort cases. Boot log of ACPI c

CVE-2025-21699 [MEDIUM] CVE-2025-21699: linux - In the Linux kernel, the following vulnerability has been resolved: gfs2: Trunc... In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. Scope: local bookworm:

CVE-2025-23160 [MEDIUM] CVE-2025-23160: linux - In the Linux kernel, the following vulnerability has been resolved: media: medi... In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fai

CVE-2025-38119 [MEDIUM] CVE-2025-38119: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: core:... In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_

CVE-2025-37911 [MEDIUM] CVE-2025-37911: linux - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fi... In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfe

CVE-2025-21792 [MEDIUM] CVE-2025-21792: linux - In the Linux kernel, the following vulnerability has been resolved: ax25: Fix r... In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()") added decrement of device refc

CVE-2025-71083 [MEDIUM] CVE-2025-71083: linux - In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Av... In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted. When devcoredump tries to read the contents of all BOs for dumping, we need to expect this as well -- in this case, ENODATA is record

CVE-2025-39843 [MEDIUM] CVE-2025-39843: linux - In the Linux kernel, the following vulnerability has been resolved: mm: slub: a... In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to h

CVE-2025-38400 [MEDIUM] CVE-2025-38400: linux - In the Linux kernel, the following vulnerability has been resolved: nfs: Clean ... In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection in nfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed. Later, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning

CVE-2025-37775 [MEDIUM] CVE-2025-37775: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix ... In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------ [ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to directory. Scope: local bookworm: resolved (fixed in 6.1.135-1) bulls

CVE-2025-39787 [MEDIUM] CVE-2025-39787: linux - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ... In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate ove

CVE-2025-38478 [MEDIUM] CVE-2025-38478: linux - In the Linux kernel, the following vulnerability has been resolved: comedi: Fix... In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first `insn->n` elements in some cases. The `do_insn_ioctl()` and `do_insnlist_ioctl()` functions allocate at least `MIN_SAM