Debian Linux vulnerabilities

CVE-2025-38637 [MEDIUM] CVE-2025-38637: linux - In the Linux kernel, the following vulnerability has been resolved: net_sched: ... In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packe

CVE-2025-71236 [MEDIUM] CVE-2025-71236: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x... In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3. [154564.169405] qla2xxx [0000:b0:00.1

CVE-2025-38516 [MEDIUM] CVE-2025-38516: linux - In the Linux kernel, the following vulnerability has been resolved: pinctrl: qc... In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0

CVE-2025-39902 [MEDIUM] CVE-2025-39902: linux - In the Linux kernel, the following vulnerability has been resolved: mm/slub: av... In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point

CVE-2025-38491 [MEDIUM] CVE-2025-38491: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: make... In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline] WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h

CVE-2025-21941 [MEDIUM] CVE-2025-21941: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Fou

CVE-2025-37834 [MEDIUM] CVE-2025-37834: linux - In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: ... In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache

CVE-2025-39838 [MEDIUM] CVE-2025-39838: linux - In the Linux kernel, the following vulnerability has been resolved: cifs: preve... In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes it to cifs_local_to_utf16_bytes where '*from' is dereferenced,

CVE-2025-23161 [MEDIUM] CVE-2025-23161: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: M... In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t be

CVE-2025-38569 [MEDIUM] CVE-2025-38569: linux - In the Linux kernel, the following vulnerability has been resolved: benet: fix ... In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call

CVE-2025-71132 [MEDIUM] CVE-2025-71132: linux - In the Linux kernel, the following vulnerability has been resolved: smc91x: fix... In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 [ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106] [ 13.062137] preempt=0x

CVE-2025-21970 [MEDIUM] CVE-2025-21970: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: B... In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEV_CHANGEUPPER event is triggered. Driver finds the lower devices (PFs) to flush all the offloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns false if one of PF is unloaded. In such ca

CVE-2025-38140 [MEDIUM] CVE-2025-38140: linux - In the Linux kernel, the following vulnerability has been resolved: dm: limit s... In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dm_revalidate_zones() only allowed new or previously unzoned devices to call blk_revalidate_disk_zones(). If the device was already zoned, disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones() returned without doing any w

CVE-2025-38045 [MEDIUM] CVE-2025-38045: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwi... In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config

CVE-2025-39772 [MEDIUM] CVE-2025-39772: linux - In the Linux kernel, the following vulnerability has been resolved: drm/hisilic... In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmc_unload to free the resource, but the mutexes in mode.config are not init, which will access an NULL pointer. Just change goto statement to return, because hibnc_hw_init() doesn't need to free anything

CVE-2025-38039 [MEDIUM] CVE-2025-38039: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more graceful

CVE-2025-21781 [MEDIUM] CVE-2025-21781: linux - In the Linux kernel, the following vulnerability has been resolved: batman-adv:... In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a guarantee that the hard if will remain associated with a soft

CVE-2025-37917 [MEDIUM] CVE-2025-37917: linux - In the Linux kernel, the following vulnerability has been resolved: net: ethern... In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happen when enabling the DMA interrupts again in rx/tx poll. ``` BUG

CVE-2025-39694 [MEDIUM] CVE-2025-39694: linux - In the Linux kernel, the following vulnerability has been resolved: s390/sclp: ... In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtual address translation. If the kernel identity mapping does not start at address zero, the

CVE-2025-38663 [MEDIUM] CVE-2025-38663: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: rej... In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem