linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68254 | — | >= 4.12.0, < 5.15.198 | 5.15.198 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offse | ||
| CVE-2025-68253 | — | >= 6.15.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: don't spin in add_stack_record when gfp flags don't allow syzbot was able to find the following path: add_stack_record_to_list mm/page_owner.c:182 [inline] inc_stack_record_count mm/page_owner.c:214 [in | ||
| CVE-2025-68252 | — | >= 6.1.156, < 6.1.158 | 6.1.158 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to the dma_buf for comparison purposes. However, this reference is never released | ||
| CVE-2025-68251 | — | >= 6.8.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that `clusterofs` can be larger than `lclustersize` for ! | ||
| CVE-2025-68250 | — | >= 6.16.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hung_task: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported b | ||
| CVE-2025-68249 | — | >= 5.9.0, < 5.10.246 | 5.10.246 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: most: usb: hdm_probe: Fix calling put_device() before device initialization The early error path in hdm_probe() can jump to err_free_mdev before &mdev->dev has been initialized with device_initialize(). Calling | ||
| CVE-2025-68248 | — | >= 6.17.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: vmw_balloon: indicate success when effectively deflating during migration When migrating a balloon page, we first deflate the old page to then inflate the new page. However, if inflating the new page succeeded | ||
| CVE-2025-68247 | — | >= 6.15.0, < 6.17.9 | 6.17.9 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create() When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing | ||
| CVE-2025-68246 | — | >= 5.15.0, < 6.1.159 | 6.1.159 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbd_kthread_fn(), the code sets ret = -EAGAIN and continues the accept loop without closing th | ||
| CVE-2025-68245 | — | >= 3.17.0, < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: netpoll: fix incorrect refcount handling causing incorrect cleanup commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpol | ||
| CVE-2025-68244 | — | >= 5.13.0, < 5.15.197 | 5.15.197 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD On completion of i915_vma_pin_ww(), a synchronous variant of dma_fence_work_commit() is called. When pinning a VMA to GGTT address space on a | ||
| CVE-2025-68243 | — | >= 6.17.0, < 6.17.9 | 6.17.9 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the | ||
| CVE-2025-68242 | — | >= 6.11.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nob | ||
| CVE-2025-68241 | — | < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe The sit driver's packet transmission path calls: sit_tunnel_xmit() -> update_or_create_fnhe(), which lead to fnhe_remove_oldest() being called | ||
| CVE-2025-68240 | — | >= 6.12.0, < 6.12.59 | 6.12.59 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sc_timer before freeing sci Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem [1] report | ||
| CVE-2025-68239 | — | >= 5.12.0, < 6.1.167 | 6.1.167 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on th | ||
| CVE-2025-68238 | — | < 5.10.247 | 5.10.247 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dm | ||
| CVE-2025-68237 | — | >= 5.17.0, < 6.1.159 | 6.1.159 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so tha | ||
| CVE-2025-68236 | — | >= 5.12.0, < 6.17.10 | 6.17.10 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Power_Condition=3 and await | ||
| CVE-2025-68235 | — | >= 6.2.0, < 6.6.118 | 6.6.118 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot nvkm_falcon_fw::boot is allocated, but no one frees it. This causes a kmemleak warning. Make sure this data is deallocated. |
- CVE-2025-68254Dec 16, 2025affected >= 4.12.0, < 5.15.198fixed 5.15.198
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offse
- CVE-2025-68253Dec 16, 2025affected >= 6.15.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: mm: don't spin in add_stack_record when gfp flags don't allow syzbot was able to find the following path: add_stack_record_to_list mm/page_owner.c:182 [inline] inc_stack_record_count mm/page_owner.c:214 [in
- CVE-2025-68252Dec 16, 2025affected >= 6.1.156, < 6.1.158fixed 6.1.158
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to the dma_buf for comparison purposes. However, this reference is never released
- CVE-2025-68251Dec 16, 2025affected >= 6.8.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that `clusterofs` can be larger than `lclustersize` for !
- CVE-2025-68250Dec 16, 2025affected >= 6.16.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: hung_task: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported b
- CVE-2025-68249Dec 16, 2025affected >= 5.9.0, < 5.10.246fixed 5.10.246
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdm_probe: Fix calling put_device() before device initialization The early error path in hdm_probe() can jump to err_free_mdev before &mdev->dev has been initialized with device_initialize(). Calling
- CVE-2025-68248Dec 16, 2025affected >= 6.17.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: vmw_balloon: indicate success when effectively deflating during migration When migrating a balloon page, we first deflate the old page to then inflate the new page. However, if inflating the new page succeeded
- CVE-2025-68247Dec 16, 2025affected >= 6.15.0, < 6.17.9fixed 6.17.9
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create() When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing
- CVE-2025-68246Dec 16, 2025affected >= 5.15.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbd_kthread_fn(), the code sets ret = -EAGAIN and continues the accept loop without closing th
- CVE-2025-68245Dec 16, 2025affected >= 3.17.0, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: fix incorrect refcount handling causing incorrect cleanup commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpol
- CVE-2025-68244Dec 16, 2025affected >= 5.13.0, < 5.15.197fixed 5.15.197
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD On completion of i915_vma_pin_ww(), a synchronous variant of dma_fence_work_commit() is called. When pinning a VMA to GGTT address space on a
- CVE-2025-68243Dec 16, 2025affected >= 6.17.0, < 6.17.9fixed 6.17.9
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client() If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the
- CVE-2025-68242Dec 16, 2025affected >= 6.11.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nob
- CVE-2025-68241Dec 16, 2025affected < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe The sit driver's packet transmission path calls: sit_tunnel_xmit() -> update_or_create_fnhe(), which lead to fnhe_remove_oldest() being called
- CVE-2025-68240Dec 16, 2025affected >= 6.12.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sc_timer before freeing sci Because kthread_stop did not stop sc_task properly and returned -EINTR, the sc_timer was not properly closed, ultimately causing the problem [1] report
- CVE-2025-68239Dec 16, 2025affected >= 5.12.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on th
- CVE-2025-68238Dec 16, 2025affected < 5.10.247fixed 5.10.247
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer `dma_dev` was being dereferenced before ensuring that `cdns_ctrl->dmac` is properly initialized. Move the assignment of `dm
- CVE-2025-68237Dec 16, 2025affected >= 5.17.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so tha
- CVE-2025-68236Dec 16, 2025affected >= 5.12.0, < 6.17.10fixed 6.17.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) According to UFS specifications, the power-off sequence for a UFS device includes: - Sending an SSU command with Power_Condition=3 and await
- CVE-2025-68235Dec 16, 2025affected >= 6.2.0, < 6.6.118fixed 6.6.118
In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot nvkm_falcon_fw::boot is allocated, but no one frees it. This causes a kmemleak warning. Make sure this data is deallocated.
Page 53 of 88