Debian Linux vulnerabilities
13,286 known vulnerabilities affecting debian/linux.
Total CVEs: 13,286
CISA KEV: 28 (actively exploited)
Public exploits: 137
Exploited in wild: 29
Severity breakdown: CRITICAL 70, HIGH 2670, MEDIUM 6247, LOW 3072, UNKNOWN 1227
Vulnerabilities
CVE-2025-40052 | LOW | fixed in linux 6.17.6-1 (forky) | 2025
CVE-2025-40052 [LOW] CVE-2025-40052: linux - In the Linux kernel, the following vulnerability has been resolved: smb: client...
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifs_sg_set_buf() helper that converts vmalloc'd memory to their corresponding pages. However, when we allocate our aead_request buffer
CVE-2025-40234 | LOW | fixed in linux 6.17.6-1 (forky) | 2025
CVE-2025-40234 [LOW] CVE-2025-40234: linux - In the Linux kernel, the following vulnerability has been resolved: platform/x8...
In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize `awcc`. Add a check before dereferencing it in sleep handlers.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 6.17.6-1)
sid: resolved (fixed
CVE-2025-37907 | LOW | CVSS 5.5 | fixed in linux 6.12.29-1 (forky) | 2025
CVE-2025-37907 [MEDIUM] CVE-2025-37907: linux - In the Linux kernel, the following vulnerability has been resolved: accel/ivpu:...
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix locking order in ivpu_job_submit Fix deadlock in job submission and abort handling. When a thread aborts currently executing jobs due to a fault, it first locks the global lock protecting submitted_jobs (#1). After the last job is destroyed, it proceeds to release the related context
CVE-2025-22024 | LOW | CVSS 5.5 | fixed in linux 6.12.25-1 (forky) | 2025
CVE-2025-22024 [MEDIUM] CVE-2025-22024: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix m...
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by increasing the number of threads, it leads to the following problem: [
CVE-2025-37744 | LOW | CVSS 5.5 | 2025
CVE-2025-37744 [MEDIUM] CVE-2025-37744: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12...
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_pci_remove() Kmemleak reported this error: unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [] __kmem_cache_alloc_node+0x1f4/0x2c0 [] kmalloc_trace+0x40/0x88 [] _request_firmware+0xb8/0x608
CVE-2025-21966 | LOW | CVSS 7.8 | fixed in linux 6.12.20-1 (forky) | 2025
CVE-2025-21966 [HIGH] CVE-2025-21966: linux - In the Linux kernel, the following vulnerability has been resolved: dm-flakey: ...
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 6.12.20-1)
sid: resolved (fixed in 6.12.20-1)
trixie: resolved (fixed in 6.12.20-
CVE-2025-40356 | LOW | fixed in linux 6.17.6-1 (forky) | 2025
CVE-2025-40356 [LOW] CVE-2025-40356: linux - In the Linux kernel, the following vulnerability has been resolved: spi: rockch...
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dma_map_single() call for getting the DMA address of the transfer buffer instead of hacking with virt_to_phys(). This fixes the following DMA-API debug warning: ------------[ cut here ]------------ DMA-API: rockchip-sfc fe300000.spi: device driver tries
CVE-2025-40229 | LOW | fixed in linux 6.17.6-1 (forky) | 2025
CVE-2025-40229 [LOW] CVE-2025-40229: linux - In the Linux kernel, the following vulnerability has been resolved: mm/damon/co...
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Currently, damon_destroy_scheme() only cleans up the filter list but leaves ops_filter untouched, which could lead to memory leaks when a scheme is destroyed. This patch ensures both filter and ops_filter are proper
CVE-2025-37941 | LOW | CVSS 5.5 | fixed in linux 6.12.25-1 (forky) | 2025
CVE-2025-37941 [MEDIUM] CVE-2025-37941: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: codec...
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails, wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info', which is allocated by wcd_clsh_ctrl_alloc. Add wcd_clsh_ctrl_free() to preven
CVE-2025-40165 | LOW | fixed in linux 6.17.6-1 (forky) | 2025
CVE-2025-40165 [LOW] CVE-2025-40165: linux - In the Linux kernel, the following vulnerability has been resolved: media: nxp:...
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel won't be freed. Besides from that, if the input line width is more than 2
CVE-2025-38549 | LOW | CVSS 5.5 | fixed in linux 6.16.3-1 (forky) | 2025
CVE-2025-38549 [MEDIUM] CVE-2025-38549: linux - In the Linux kernel, the following vulnerability has been resolved: efivarfs: F...
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fs_context
CVE-2025-38370 | LOW | CVSS 5.5 | 2025
CVE-2025-38370 [MEDIUM] CVE-2025-38370: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ...
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix failure to rebuild free space tree using multiple transactions If we are rebuilding a free space tree, while modifying the free space tree we may need to allocate a new metadata block group. If we end up using multiple transactions for the rebuild, when we call btrfs_end_transaction() we
CVE-2025-68318 | LOW | fixed in linux 6.17.8-1 (forky) | 2025
CVE-2025-68318 [LOW] CVE-2025-68318: linux - In the Linux kernel, the following vulnerability has been resolved: clk: thead:...
In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set all AXI clock gates to CLK_IS_CRITICAL. All these clock gates are ungated by default on system r
CVE-2025-38454 | LOW | CVSS 5.5 | fixed in linux 6.16.3-1 (forky) | 2025
CVE-2025-38454 [MEDIUM] CVE-2025-38454: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: ad181...
In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Use pr_warn() instead of dev_warn() when 'pdev' is NULL to avoid a potential NULL pointer dereference.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 6.16.3-1)
sid: resolved (fixed in 6.16.3-1)
tr
CVE-2025-38329 | LOW | CVSS 7.1 | 2025
CVE-2025-38329 [HIGH] CVE-2025-38329: linux - In the Linux kernel, the following vulnerability has been resolved: firmware: c...
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) KASAN reported out of bounds access - cs_dsp_mock_wmfw_add_info(), because the source string length was rounded up to the allocation size.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: res
CVE-2025-71195 | LOW | fixed in linux 6.18.8-1 (forky) | 2025
CVE-2025-71195 [LOW] CVE-2025-71195: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ...
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause a segmentation fault: tail /sys/kernel/debug/regmap/xdma.1.auto/registe
CVE-2025-40295 | LOW | fixed in linux 6.17.8-1 (forky) | 2025
CVE-2025-40295 [LOW] CVE-2025-40295: linux - In the Linux kernel, the following vulnerability has been resolved: fscrypt: fi...
In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT When simulating an nvme device on qemu with both logical_block_size and physical_block_size set to 8 KiB, an error trace appears during partition table reading at boot time. The issue is caused by inode->i_blkbits being larger than PA
CVE-2025-68216 | LOW | fixed in linux 6.17.10-1 (forky) | 2025
CVE-2025-68216 [LOW] CVE-2025-68216: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ...
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problems: * The `bpf_selftests/module_attach` test fails consistently. * Kernel l
CVE-2025-38633 | LOW | CVSS 5.5 | 2025
CVE-2025-38633 [MEDIUM] CVE-2025-38633: linux - In the Linux kernel, the following vulnerability has been resolved: clk: spacem...
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabled while responding to getting -EPROBE_DEFER when requesting a reset
CVE-2025-38381 | LOW | CVSS 5.5 | fixed in linux 6.12.37-1 (forky) | 2025
CVE-2025-38381 [MEDIUM] CVE-2025-38381: linux - In the Linux kernel, the following vulnerability has been resolved: Input: cs40...
In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference. Return -ENOMEM in case allocation fails.
Scope: local
bookworm: reso