linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68360 | — | >= 6.8.0, < 6.17.13 | 6.17.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to alwa | ||
| CVE-2025-68359 | — | >= 6.12.0, < 6.17.13 | 6.17.13 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_head(). This could happen | ||
| CVE-2025-68357 | — | >= 6.6.120, < 6.6.130 | 6.6.130 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_done_wq. This means the wor | ||
| CVE-2025-68356 | — | >= 6.6.0, < 6.12.63 | 6.12.63 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that addres | ||
| CVE-2025-68355 | — | >= 6.18.0, < 6.18.2 | 6.18.2 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak proble | ||
| CVE-2025-68354 | — | >= 3.13.0, < 5.10.248 | 5.10.248 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and re | ||
| CVE-2025-68353 | — | >= 6.7.0, < 6.18.2 | 6.18.2 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL derefere | ||
| CVE-2025-68352 | — | >= 6.11.0, < 6.12.63 | 6.12.63 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341_transfer_one Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min(32, trans->len + 1)', which includes t | ||
| CVE-2025-68350 | — | >= 6.18.0, < 6.18.2 | 6.18.2 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfat_allocate_bitmap The variable max_ra_count can be 0 in exfat_allocate_bitmap(), which causes a divide-by-zero error in the subsequent modulo operation (i % max_ra_count), leadi | ||
| CVE-2025-68349 | — | >= 4.10.0, < 5.10.248 | 5.10.248 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs | ||
| CVE-2025-68348 | — | >= 6.11.0, < 6.12.63 | 6.12.63 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in __blkdev_issue_zero_pages Move the fatal signal check before bio_alloc() to prevent a memory leak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending. Previously, the bio w | ||
| CVE-2025-68347 | — | >= 5.16.0, < 6.1.160 | 6.1.160 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller | ||
| CVE-2025-68346 | — | >= 4.18.0, < 5.10.248 | 5.10.248 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds | ||
| CVE-2025-68345 | — | >= 5.17.0, < 6.1.160 | 6.1.160 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value | ||
| CVE-2025-68344 | — | >= 2.6.12, < 5.10.248 | 5.10.248 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int | ||
| CVE-2023-54042 | — | >= 5.14.0, < 5.15.121 | 5.15.121 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached. | ||
| CVE-2023-54041 | — | >= 5.18.0, < 6.1.24 | 6.1.24 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are | ||
| CVE-2023-54040 | — | >= 5.13.0, < 5.15.107 | 5.15.107 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir | ||
| CVE-2023-54039 | — | >= 5.4.0, < 5.4.241 | 5.4.241 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is large | ||
| CVE-2023-54038 | — | >= 6.4.0, < 6.4.7 | 6.4.7 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR |
- CVE-2025-68360Dec 24, 2025affected >= 6.8.0, < 6.17.13fixed 6.17.13
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to alwa
- CVE-2025-68359Dec 24, 2025affected >= 6.12.0, < 6.17.13fixed 6.17.13
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_head(). This could happen
- CVE-2025-68357Dec 24, 2025affected >= 6.6.120, < 6.6.130fixed 6.6.130
In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_done_wq. This means the wor
- CVE-2025-68356Dec 24, 2025affected >= 6.6.0, < 6.12.63fixed 6.12.63
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function new_inode() returns a new inode with inode->i_mapping->gfp_mask set to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so allocations in that addres
- CVE-2025-68355Dec 24, 2025affected >= 6.18.0, < 6.18.2fixed 6.18.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak proble
- CVE-2025-68354Dec 24, 2025affected >= 3.13.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_register_supply_alias(), and re
- CVE-2025-68353Dec 24, 2025affected >= 6.7.0, < 6.18.2fixed 6.18.2
In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlan_xmit_one Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlan_xmit_one, e.g. if the iface is brought down. This can lead to the following NULL derefere
- CVE-2025-68352Dec 24, 2025affected >= 6.11.0, < 6.12.63fixed 6.12.63
In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341_transfer_one Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min(32, trans->len + 1)', which includes t
- CVE-2025-68350Dec 24, 2025affected >= 6.18.0, < 6.18.2fixed 6.18.2
In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfat_allocate_bitmap The variable max_ra_count can be 0 in exfat_allocate_bitmap(), which causes a divide-by-zero error in the subsequent modulo operation (i % max_ra_count), leadi
- CVE-2025-68349Dec 24, 2025affected >= 4.10.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
- CVE-2025-68348Dec 24, 2025affected >= 6.11.0, < 6.12.63fixed 6.12.63
In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in __blkdev_issue_zero_pages Move the fatal signal check before bio_alloc() to prevent a memory leak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending. Previously, the bio w
- CVE-2025-68347Dec 24, 2025affected >= 5.16.0, < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller
- CVE-2025-68346Dec 24, 2025affected >= 4.18.0, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds
- CVE-2025-68345Dec 24, 2025affected >= 5.17.0, < 6.1.160fixed 6.1.160
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also returns NULL, but this value
- CVE-2025-68344Dec 24, 2025affected >= 2.6.12, < 5.10.248fixed 5.10.248
In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int
- CVE-2023-54042Dec 24, 2025affected >= 5.14.0, < 5.15.121fixed 5.15.121
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix VAS mm use after free The refcount on mm is dropped before the coprocessor is detached.
- CVE-2023-54041Dec 24, 2025affected >= 5.18.0, < 6.1.24fixed 6.1.24
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak when removing provided buffers When removing provided buffers, io_buffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are
- CVE-2023-54040Dec 24, 2025affected >= 5.13.0, < 5.15.107fixed 5.15.107
In the Linux kernel, the following vulnerability has been resolved: ice: fix wrong fallback logic for FDIR When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure, the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr returns failure, the fdir
- CVE-2023-54039Dec 24, 2025affected >= 5.4.0, < 5.4.241fixed 5.4.241
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is large
- CVE-2023-54038Dec 24, 2025affected >= 6.4.0, < 6.4.7fixed 6.4.7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR
Page 45 of 88