linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68771 | — | >= 2.6.16, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is | ||
| CVE-2025-68770 | — | >= 6.8.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not correct. __bnxt_poll_work() -> bnxt_rx_pkt() -> bnxt_rx_xdp() may be looping within NAPI and some event flags may | ||
| CVE-2025-68769 | — | >= 4.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 >> /mnt/f2fs/foo f2fs_io | ||
| CVE-2025-68768 | — | >= 5.3.0, < 6.18.3 | 6.18.3 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September in NIPA. The stuck task was usually modprobe (often loading a driver like ipvlan) | ||
| CVE-2025-68767 | — | >= 2.6.12, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. Accordin | ||
| CVE-2025-71101 | — | >= 6.6.0, < 6.6.120 | 6.6.120 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. | ||
| CVE-2025-71100 | — | >= 6.9.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Othw | ||
| CVE-2025-71099 | — | >= 6.11.0, < 6.12.64 | 6.12.64 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could | ||
| CVE-2025-71098 | — | >= 3.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ip6_gre: make ip6gre_header() robust Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1]. This involves team or bonding drivers ability to dynamically change their dev->needed_hea | ||
| CVE-2025-71097 | — | >= 5.3.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to flush all the routes that are using the | ||
| CVE-2025-71096 | — | >= 4.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not. Use the nl parsi | ||
| CVE-2025-71095 | — | >= 5.13.0, < 6.1.160 | 6.1.160 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below. [ 216.122464] Unable to handle kernel paging request at | ||
| CVE-2025-71094 | — | >= 5.14.0, < 5.15.198 | 5.15.198 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an invalid address (>= PHY_MAX_ADDR), | ||
| CVE-2025-71093 | — | >= 3.18.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround. If the descriptor- reported length is zero or l | ||
| CVE-2025-71092 | — | >= 6.18.0, < 6.18.4 | 6.18.4 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR. BNXT_R | ||
| CVE-2025-71091 | — | >= 3.11.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in team_queue_override_port_prio_changed() There has been a syzkaller bug reported recently with the following trace: list_del corruption, ffff888058bea080->prev is LIST_POISON | ||
| CVE-2025-71090 | — | >= 6.17.0, < 6.18.4 | 6.18.4 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file. However, if the client alre | ||
| CVE-2025-71088 | — | < 6.1.160 | 6.1.160 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subflow_data_ready+0x40b/0x7c | ||
| CVE-2025-71087 | — | >= 4.7.0, < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device regist | ||
| CVE-2025-71086 | — | < 5.10.248 | 5.10.248 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. T |
- CVE-2025-68771Jan 13, 2026affected >= 2.6.16, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is
- CVE-2025-68770Jan 13, 2026affected >= 6.8.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not correct. __bnxt_poll_work() -> bnxt_rx_pkt() -> bnxt_rx_xdp() may be looping within NAPI and some event flags may
- CVE-2025-68769Jan 13, 2026affected >= 4.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 >> /mnt/f2fs/foo f2fs_io
- CVE-2025-68768Jan 13, 2026affected >= 5.3.0, < 6.18.3fixed 6.18.3
In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September in NIPA. The stuck task was usually modprobe (often loading a driver like ipvlan)
- CVE-2025-68767Jan 13, 2026affected >= 2.6.12, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. Accordin
- CVE-2025-71101Jan 13, 2026affected >= 6.6.0, < 6.6.120fixed 6.6.120
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.
- CVE-2025-71100Jan 13, 2026affected >= 6.9.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Othw
- CVE-2025-71099Jan 13, 2026affected >= 6.11.0, < 6.12.64fixed 6.12.64
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could
- CVE-2025-71098Jan 13, 2026affected >= 3.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ip6_gre: make ip6gre_header() robust Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1]. This involves team or bonding drivers ability to dynamically change their dev->needed_hea
- CVE-2025-71097Jan 13, 2026affected >= 5.3.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to flush all the routes that are using the
- CVE-2025-71096Jan 13, 2026affected >= 4.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not. Use the nl parsi
- CVE-2025-71095Jan 13, 2026affected >= 5.13.0, < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDP_TX action There is a crash issue when running zero copy XDP_TX action, the crash log is shown below. [ 216.122464] Unable to handle kernel paging request at
- CVE-2025-71094Jan 13, 2026affected >= 5.14.0, < 5.15.198fixed 5.15.198
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asix_read_phy_addr(). A malicious or faulty device can return an invalid address (>= PHY_MAX_ADDR),
- CVE-2025-71093Jan 13, 2026affected >= 3.18.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e1000_tbi_should_accept() we read the last byte of the frame via 'data[length - 1]' to evaluate the TBI workaround. If the descriptor- reported length is zero or l
- CVE-2025-71092Jan 13, 2026affected >= 6.18.0, < 6.18.4fixed 6.18.4
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters update") added three new counters and placed them after BNXT_RE_OUT_OF_SEQ_ERR. BNXT_R
- CVE-2025-71091Jan 13, 2026affected >= 3.11.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in team_queue_override_port_prio_changed() There has been a syzkaller bug reported recently with the following trace: list_del corruption, ffff888058bea080->prev is LIST_POISON
- CVE-2025-71090Jan 13, 2026affected >= 6.17.0, < 6.18.4fixed 6.18.4
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() nfsd4_add_rdaccess_to_wrdeleg() unconditionally overwrites fp->fi_fds[O_RDONLY] with a newly acquired nfsd_file. However, if the client alre
- CVE-2025-71088Jan 13, 2026affected < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subflow_data_ready+0x40b/0x7c
- CVE-2025-71087Jan 13, 2026affected >= 4.7.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device regist
- CVE-2025-71086Jan 13, 2026affected < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. T
Page 19 of 88