Debian Linux vulnerabilities

CVE-2025-68810 [LOW] CVE-2025-68810: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: Disall... In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggling KVM_MEM_GUEST_MEMFD on existing memslots. KVM prevents enabling KVM_MEM_GUEST_MEMFD, but d

CVE-2025-38291 [MEDIUM] CVE-2025-38291: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12... In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash Currently, we encounter the following kernel call trace when a firmware crash occurs. This happens because the host sends WMI commands to the firmware while it is in recovery, causing the commands to fail and resulting in t

CVE-2025-68299 [LOW] CVE-2025-68299: linux - In the Linux kernel, the following vulnerability has been resolved: afs: Fix de... In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by afs_parse_source() parsing the device name given to mount() and calling afs_loo

CVE-2025-40015 [LOW] CVE-2025-40015: linux - In the Linux kernel, the following vulnerability has been resolved: media: stm3... In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NULL at a later point of time indicating that there are chances that the value can be NULL. Mov

CVE-2025-40238 [LOW] CVE-2025-40238: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: F... In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5e_detach_netdev() we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sure to also unregister the devcom device and mark all this device operat

CVE-2025-39696 [MEDIUM] CVE-2025-39696: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: ... In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv During the conversion to unify the calibration data management, the reference to tasdevice_priv was wrongly set to h->hda_priv instead of h->priv. This resulted in memory corruption and crashes eventually. Unfortunately it's a void pointer, h

CVE-2025-37866 [MEDIUM] CVE-2025-37866: linux - In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootc... In the Linux kernel, the following vulnerability has been resolved: mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() A warning is seen when running the latest kernel on a BlueField SOC: [251.512704] ------------[ cut here ]------------ [251.512711] invalid sysfs_emit: buf:0000000003aa32ae [251.512720] WARNING: CPU: 1 PID: 705264 at fs/sysfs/file.c

CVE-2025-38265 [MEDIUM] CVE-2025-38265: linux - In the Linux kernel, the following vulnerability has been resolved: serial: jsm... In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25

CVE-2025-68247 [LOW] CVE-2025-68247: linux - In the Linux kernel, the following vulnerability has been resolved: posix-timer... In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create() When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing the already allocated posix timer structure. Move the allocation after the user space access

CVE-2025-21786 [HIGH] CVE-2025-21786: linux - In the Linux kernel, the following vulnerability has been resolved: workqueue: ... In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and remove detach_completion") adds code to reap the normal workers but mistakenly does not handle the rescuer and also removes the code waiting for the rescuer in put_u

CVE-2025-40143 [LOW] CVE-2025-40143: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: dont r... In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpf_scc_visit on speculative path Syzbot generated a program that triggers a verifier_bug() call in maybe_exit_scc(). maybe_exit_scc() assumes that, when called for a state with insn_idx in some SCC, there should be an instance of struct bpf_scc_visit allocated

CVE-2025-40336 [LOW] CVE-2025-40336: linux - In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm:... In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like mapping memory which is outside the range, and maybe not even mapped by the mm. Fix is based on the xe userptr code, wh

CVE-2025-21886 [MEDIUM] CVE-2025-21886: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused_implicit_child_mr() to prevent hanging during parent deregistration as of below [1]. Upon entering destroy_unused_implicit_child_mr(), the reference count for the implicit MR parent is incremented using: refcount_inc_no

CVE-2025-40298 [LOW] CVE-2025-40298: linux - In the Linux kernel, the following vulnerability has been resolved: gve: Implem... In the Linux kernel, the following vulnerability has been resolved: gve: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference. Scope: local bookworm: resolved bullseye: resolved forky: resolved (fixed in 6.17.8-1) sid: resolved (fixed in 6.17.8-1) trixie: res

CVE-2025-39831 [MEDIUM] CVE-2025-39831: linux - In the Linux kernel, the following vulnerability has been resolved: fbnic: Move... In the Linux kernel, the following vulnerability has been resolved: fbnic: Move phylink resume out of service_task and into open/close The fbnic driver was presenting with the following locking assert coming out of a PM resume: [ 42.208116][ T164] RTNL: assertion failed at drivers/net/phy/phylink.c (2611) [ 42.208492][ T164] WARNING: CPU: 1 PID: 164 at drivers/net/p

CVE-2025-68184 [LOW] CVE-2025-68184: linux - In the Linux kernel, the following vulnerability has been resolved: drm/mediate... In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is currently broken on Mediatek MT8188 (Genio 700 EVK platform); tested us

CVE-2025-39780 [MEDIUM] CVE-2025-39780: linux - In the Linux kernel, the following vulnerability has been resolved: sched/ext: ... In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a sched_ext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following (which can be easily reproduced by running the hotplug selftest in a loop): sched_ext: Invalid task state transit

CVE-2025-40290 [LOW] CVE-2025-40290: linux - In the Linux kernel, the following vulnerability has been resolved: xsk: avoid ... In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor production"), the descriptor number is stored in skb control block and xsk_cq_submit_addr_locked() relies on it to put the umem addrs onto pool's completion queue. skb control block shouldn't

CVE-2025-38172 [HIGH] CVE-2025-38172: linux - In the Linux kernel, the following vulnerability has been resolved: erofs: avoi... In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files. However, if the primary is a block d

CVE-2025-21672 [MEDIUM] CVE-2025-21672: linux - In the Linux kernel, the following vulnerability has been resolved: afs: Fix me... In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released. Fix this by store the error in ret and jump to done to clean up instead of retur