linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68740 | — | >= 2.6.30, < 5.10.248 | 5.10.248 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and se | ||
| CVE-2025-68739 | — | >= 6.17.0, < 6.17.13 | 6.17.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling dev_pm_opp_put(opp) to maintain correct resource acquisition and release order. | ||
| CVE-2025-68738 | — | >= 6.14.0, < 6.17.13 | 6.17.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx() If a link does not have an assigned channel yet, mt7996_vif_link returns NULL. We still need to store the updated queue settings in that case, and | ||
| CVE-2025-68737 | — | >= 6.18.0, < 6.18.2 | 6.18.2 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias | ||
| CVE-2025-68736 | — | >= 5.13.0, < 6.18.2 | 6.18.2 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mou | ||
| CVE-2025-68735 | — | >= 6.10.0, < 6.17.13 | 6.17.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that io | ||
| CVE-2023-54160 | — | >= 4.16.0, < 4.19.284 | 4.19.284 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinl | ||
| CVE-2023-54159 | — | >= 5.2.0, < 5.4.243 | 5.4.243 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try | ||
| CVE-2023-54158 | — | >= 4.17.0, < 5.4.243 | 5.4.243 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was | ||
| CVE-2023-54157 | — | >= 4.20.0, < 5.15.115 | 5.15.115 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed in mainline a | ||
| CVE-2023-54156 | — | >= 5.9.0, < 5.10.188 | 5.10.188 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. | ||
| CVE-2023-54155 | — | >= 5.12.0, < 5.15.127 | 5.15.127 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at | ||
| CVE-2023-54154 | — | < 6.1.55 | 6.1.55 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced obj | ||
| CVE-2023-54153 | — | >= 5.9.0, < 5.15.121 | 5.15.121 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value | ||
| CVE-2023-54152 | — | >= 5.15.0, < 5.15.106 | 5.15.106 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue() This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error | ||
| CVE-2023-54151 | — | >= 5.19.0, < 6.1.30 | 6.1.30 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages | ||
| CVE-2023-54150 | — | >= 4.15.0, < 5.10.181 | 5.10.181 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commi | ||
| CVE-2023-54149 | — | >= 6.3.0, < 6.3.13 | 6.3.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver (the only one which supports UC filtering and MC filtering) as a DSA master for a random other DSA switch, on | ||
| CVE-2023-54148 | — | < 6.1.45 | 6.1.45 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Move representor neigh cleanup to profile cleanup_tx For IP tunnel encapsulation in ECMP (Equal-Cost Multipath) mode, as the flow is duplicated to the peer eswitch, the related neighbour information | ||
| CVE-2023-54147 | — | >= 6.1.0, < 6.1.28 | 6.1.28 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for ida_alloc Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx->id" if mdp_m2m_ |
- CVE-2025-68740Dec 24, 2025affected >= 2.6.30, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and se
- CVE-2025-68739Dec 24, 2025affected >= 6.17.0, < 6.17.13fixed 6.17.13
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling dev_pm_opp_put(opp) to maintain correct resource acquisition and release order.
- CVE-2025-68738Dec 24, 2025affected >= 6.14.0, < 6.17.13fixed 6.17.13
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx() If a link does not have an assigned channel yet, mt7996_vif_link returns NULL. We still need to store the updated queue settings in that case, and
- CVE-2025-68737Dec 24, 2025affected >= 6.18.0, < 6.18.2fixed 6.18.2
In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must protect the linear map alias
- CVE-2025-68736Dec 24, 2025affected >= 5.13.0, < 6.18.2fixed 6.18.2
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mou
- CVE-2025-68735Dec 24, 2025affected >= 6.10.0, < 6.17.13fixed 6.17.13
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that io
- CVE-2023-54160Dec 24, 2025affected >= 4.16.0, < 4.19.284fixed 4.19.284
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_sdei: Fix sleep from invalid context BUG Running a preempt-rt (v6.2-rc3-rt1) based kernel on an Ampere Altra triggers: BUG: sleeping function called from invalid context at kernel/locking/spinl
- CVE-2023-54159Dec 24, 2025affected >= 5.2.0, < 5.4.243fixed 5.4.243
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try
- CVE-2023-54158Dec 24, 2025affected >= 4.17.0, < 5.4.243fixed 5.4.243
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was
- CVE-2023-54157Dec 24, 2025affected >= 4.20.0, < 5.15.115fixed 5.15.115
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It is needed in mainline a
- CVE-2023-54156Dec 24, 2025affected >= 5.9.0, < 5.10.188fixed 5.10.188
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd.
- CVE-2023-54155Dec 24, 2025affected >= 5.12.0, < 5.15.127fixed 5.15.127
In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at
- CVE-2023-54154Dec 24, 2025affected < 6.1.55fixed 6.1.55
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced obj
- CVE-2023-54153Dec 24, 2025affected >= 5.9.0, < 5.15.121fixed 5.15.121
In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value
- CVE-2023-54152Dec 24, 2025affected >= 5.15.0, < 5.15.106fixed 5.15.106
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue() This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error
- CVE-2023-54151Dec 24, 2025affected >= 5.19.0, < 6.1.30fixed 6.1.30
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages
- CVE-2023-54150Dec 24, 2025affected >= 4.15.0, < 5.10.181fixed 5.10.181
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commi
- CVE-2023-54149Dec 24, 2025affected >= 6.3.0, < 6.3.13fixed 6.3.13
In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver (the only one which supports UC filtering and MC filtering) as a DSA master for a random other DSA switch, on
- CVE-2023-54148Dec 24, 2025affected < 6.1.45fixed 6.1.45
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Move representor neigh cleanup to profile cleanup_tx For IP tunnel encapsulation in ECMP (Equal-Cost Multipath) mode, as the flow is duplicated to the peer eswitch, the related neighbour information
- CVE-2023-54147Dec 24, 2025affected >= 6.1.0, < 6.1.28fixed 6.1.28
In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for ida_alloc Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx->id" if mdp_m2m_
Page 34 of 88