Debian Linux vulnerabilities

CVE-2025-37871 [MEDIUM] CVE-2025-37871: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: decre... In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nf

CVE-2025-38634 [MEDIUM] CVE-2025-38634: linux - In the Linux kernel, the following vulnerability has been resolved: power: supp... In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent potential null pointer dereferences, Added a null check. Scope: local bookworm: resolved (fi

CVE-2025-38173 [MEDIUM] CVE-2025-38173: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: mar... In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0. Scope: local bookworm: resolved (fixed in 6.1.147-1) bullseye: resolved (fixed in 5.10.244-1) forky: resolved (fixed in 6.12.35-1) sid: resolved (fixed in 6.12.35

CVE-2025-38457 [MEDIUM] CVE-2025-38457: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during grafting, detect that the user is not trying to attach to a class and

CVE-2025-38085 [MEDIUM] CVE-2025-38085: linux - In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb:... In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens

CVE-2025-39819 [MEDIUM] CVE-2025-39819: linux - In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix... In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inconsistent update could lead to possible resource leaks. Why it is a possible bug: 1. In the comment section of the function, it clearly states that the reference to `cfile`

CVE-2025-71095 [MEDIUM] CVE-2025-71095: linux - In the Linux kernel, the following vulnerability has been resolved: net: stmmac... In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below. [ 216.122464] Unable to handle kernel paging request at virtual address fffeffff80000000 [ 216.187524] Internal error: Oops: 0000000096000144 [#1] S

CVE-2025-21667 [MEDIUM] CVE-2025-21667: linux - In the Linux kernel, the following vulnerability has been resolved: iomap: avoi... In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could lead to an infinite loop when writing to an xfs filesystem. Scope: local bookworm: resolved

CVE-2025-22089 [MEDIUM] CVE-2025-22089: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") accidentally almost exposed hw counters to non-init net namespaces. It didn't expose them fully, as an attempt to read any of those counters leads to a

CVE-2025-21750 [MEDIUM] CVE-2025-21750: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmf... In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup(). The crash I am getting looks like this

CVE-2025-37959 [MEDIUM] CVE-2025-37959: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub ... In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another namespace. As one example, this is causing Cilium to drop traffic wh

CVE-2025-21951 [MEDIUM] CVE-2025-21951: linux - In the Linux kernel, the following vulnerability has been resolved: bus: mhi: h... In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shu

CVE-2025-38732 [MEDIUM] CVE-2025-38732: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include/linux/skbuff.h:1164 [inline] WARNING: include/linux/skbuff.h:1165 skb_dst_set include/linu

CVE-2025-38331 [MEDIUM] CVE-2025-38331: linux - In the Linux kernel, the following vulnerability has been resolved: net: ethern... In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desireable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb->len to the "TOE/TSO" offloader and it will handle them. Without this quirk the driver becomes unstable and lock up and and crash. I do not know

CVE-2025-21964 [MEDIUM] CVE-2025-21964: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix i... In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Cente

CVE-2025-37985 [MEDIUM] CVE-2025-37985: linux - In the Linux kernel, the following vulnerability has been resolved: USB: wdm: c... In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned Scope: local bookworm: resolved (fixed in 6.1.137-1) bullseye: resolved forky: resolved (fixed in 6.12.27-1) sid: resolved (fixed in 6.

CVE-2025-37830 [MEDIUM] CVE-2025-37830: linux - In the Linux kernel, the following vulnerability has been resolved: cpufreq: sc... In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw(

CVE-2025-39846 [MEDIUM] CVE-2025-39846: linux - In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix... In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference on failure of pcmc

CVE-2025-38470 [MEDIUM] CVE-2025-38470: linux - In the Linux kernel, the following vulnerability has been resolved: net: vlan: ... In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the net device is put administratively up or down, respectively. There are a couple of problem

CVE-2025-23132 [MEDIUM] CVE-2025-23132: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: quota... In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquot_writeback_dquots() F2FS-fs (dm-59): checkpoint=enable has some unwritten data. ------------[ cut here ]------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308 pc : dquot_writeback_dquots+0x2fc/0x308 lr : f2fs_quota_