linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-71125 | — | >= 4.17.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer w | ||
| CVE-2025-71124 | — | >= 6.13.0, < 6.18.3 | 6.18.3 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that preempt_postamble_ptr is valid. If preempt_postamble_ptr is NULL, dereferencing i | ||
| CVE-2025-71123 | — | < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 ("string.h: Introduce me | ||
| CVE-2025-71122 | — | >= 6.2.0, < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only effec | ||
| CVE-2025-71121 | — | < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the | ||
| CVE-2025-71120 | — | >= 5.5.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres | ||
| CVE-2025-71119 | — | < 6.1.160 | 6.1.160 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Wakin | ||
| CVE-2025-71118 | — | >= 2.6.12, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_ | ||
| CVE-2025-71117 | — | >= 6.11.0, < 6.18.3 | 6.18.3 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_ | ||
| CVE-2025-71116 | — | >= 3.9.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular | ||
| CVE-2025-71115 | — | >= 6.13.0, < 6.18.3 | 6.18.3 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), which has coverage annotations, and then th | ||
| CVE-2025-71114 | — | >= 3.3.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control register. However, the allocated resource wa | ||
| CVE-2025-71113 | — | >= 2.6.38, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitl | ||
| CVE-2025-71112 | — | >= 5.3.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V | ||
| CVE-2025-71111 | — | >= 2.6.18, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Che | ||
| CVE-2025-71110 | — | >= 6.18.0, < 6.18.3 | 6.18.3 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free(). On ARM64 with MTE (Memory Tagging Extension), | ||
| CVE-2025-71109 | — | >= 2.6.35, < 6.12.64 | 6.12.64 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used, | ||
| CVE-2025-71108 | — | >= 4.13.0, < 5.10.248 | 5.10.248 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to | ||
| CVE-2025-71107 | — | >= 6.5.0, < 6.6.120 | 6.6.120 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak durin | ||
| CVE-2025-71106 | — | >= 6.18.0, < 6.18.3 | 6.18.3 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 ("power: always freeze efivarfs") is reverse which quite co |
- CVE-2025-71125Jan 14, 2026affected >= 4.17.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer w
- CVE-2025-71124Jan 14, 2026affected >= 6.13.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that preempt_postamble_ptr is valid. If preempt_postamble_ptr is NULL, dereferencing i
- CVE-2025-71123Jan 14, 2026affected < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 ("string.h: Introduce me
- CVE-2025-71122Jan 14, 2026affected >= 6.2.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED syzkaller found it could overflow math in the test infrastructure and cause a WARN_ON by corrupting the reserved interval tree. This only effec
- CVE-2025-71121Jan 14, 2026affected < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the
- CVE-2025-71120Jan 14, 2026affected >= 5.5.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres
- CVE-2025-71119Jan 14, 2026affected < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Wakin
- CVE-2025-71118Jan 14, 2026affected >= 2.6.12, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid walking the Namespace if start_node is NULL Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace if it is not there") fixed the situation when both start_node and acpi_gbl_root_
- CVE-2025-71117Jan 14, 2026affected >= 6.11.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may cause a deadlock in combination with the dm-multipath driver and the queue_if_no_
- CVE-2025-71116Jan 14, 2026affected >= 3.9.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular
- CVE-2025-71115Jan 14, 2026affected >= 6.13.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), which has coverage annotations, and then th
- CVE-2025-71114Jan 14, 2026affected >= 3.3.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a MMIO region for the watchdog control register. However, the allocated resource wa
- CVE-2025-71113Jan 14, 2026affected >= 2.6.38, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitl
- CVE-2025-71112Jan 14, 2026affected >= 5.3.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V
- CVE-2025-71111Jan 14, 2026affected >= 2.6.18, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Che
- CVE-2025-71110Jan 14, 2026affected >= 6.18.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: mm/slub: reset KASAN tag in defer_free() before accessing freed memory When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free() before defer_free(). On ARM64 with MTE (Memory Tagging Extension),
- CVE-2025-71109Jan 14, 2026affected >= 2.6.35, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
- CVE-2025-71108Jan 14, 2026affected >= 4.13.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to
- CVE-2025-71107Jan 14, 2026affected >= 6.5.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak durin
- CVE-2025-71106Jan 14, 2026affected >= 6.18.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 ("power: always freeze efivarfs") is reverse which quite co
Page 15 of 88