linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68168 | — | < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on r | ||
| CVE-2025-68167 | — | >= 6.9.0, < 6.12.58 | 6.12.58 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop(). | ||
| CVE-2025-40363 | — | >= 2.6.12, < 5.4.302 | 5.4.302 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fort | ||
| CVE-2025-40362 | — | >= 6.10.0, < 6.12.58 | 6.12.58 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs | ||
| CVE-2025-40360 | — | >= 5.15.0, < 5.15.197 | 5.15.197 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plan | ||
| CVE-2025-40359 | — | >= 6.11.0, < 6.12.58 | 6.12.58 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix KASAN global-out-of-bounds warning When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. =================================================== | ||
| CVE-2025-40358 | — | >= 4.15.0, < 6.1.167 | 6.1.167 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460" There is a same iss | ||
| CVE-2025-40357 | — | >= 6.11.0, < 6.12.56 | 6.12.56 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix general protection fault in __smc_diag_dump The syzbot report a crash: Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 [#1] SMP KASAN NOPTI KASAN: m | ||
| CVE-2025-40356 | — | >= 6.14.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dma_map_single() call for getting the DMA address of the transfer buffer instead of hacking with virt_to_phys(). This fixes the following DMA-API debug warning: | ||
| CVE-2025-40355 | — | >= 5.7.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can hit WA | ||
| CVE-2025-40354 | — | >= 4.15.0, < 6.12.56 | 6.12.56 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 1 | ||
| CVE-2025-40353 | — | >= 6.11.0, < 6.12.56 | 6.12.56 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordi | ||
| CVE-2025-40352 | — | >= 6.14.0, < 6.17.6 | 6.17.6 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: | ||
| CVE-2025-40351 | — | >= 3.14.0, < 5.4.301 | 5.4.301 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T93 | ||
| CVE-2025-40350 | — | >= 6.4.0, < 6.6.115 | 6.6.115 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ XDP programs can change the layout of an xdp_buff through bpf_xdp_adjust_tail() and bpf_xdp_adjust_head(). Therefore, the driver cannot | ||
| CVE-2025-40349 | — | >= 2.6.12, < 5.4.301 | 5.4.301 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_allo | ||
| CVE-2025-40348 | — | >= 6.12.54, < 6.12.56 | 6.12.56 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts() and one of them fails to allocate the object extension vector, it might override the valid slab->ob | ||
| CVE-2025-40347 | — | >= 5.12.0, < 6.6.115 | 6.6.115 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the re | ||
| CVE-2025-40346 | — | >= 5.7.0, < 5.10.246 | 5.10.246 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The c | ||
| CVE-2025-40345 | — | >= 2.6.12, < 5.10.247 | 5.10.247 | Dec 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report val |
- CVE-2025-68168Dec 16, 2025affected < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on r
- CVE-2025-68167Dec 16, 2025affected >= 6.9.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop().
- CVE-2025-40363Dec 16, 2025affected >= 2.6.12, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fort
- CVE-2025-40362Dec 16, 2025affected >= 6.10.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs
- CVE-2025-40360Dec 16, 2025affected >= 5.15.0, < 5.15.197fixed 5.15.197
In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plan
- CVE-2025-40359Dec 16, 2025affected >= 6.11.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix KASAN global-out-of-bounds warning When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. ===================================================
- CVE-2025-40358Dec 16, 2025affected >= 4.15.0, < 6.1.167fixed 6.1.167
In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460" There is a same iss
- CVE-2025-40357Dec 16, 2025affected >= 6.11.0, < 6.12.56fixed 6.12.56
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix general protection fault in __smc_diag_dump The syzbot report a crash: Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 [#1] SMP KASAN NOPTI KASAN: m
- CVE-2025-40356Dec 16, 2025affected >= 6.14.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dma_map_single() call for getting the DMA address of the transfer buffer instead of hacking with virt_to_phys(). This fixes the following DMA-API debug warning:
- CVE-2025-40355Dec 16, 2025affected >= 5.7.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can hit WA
- CVE-2025-40354Dec 16, 2025affected >= 4.15.0, < 6.12.56fixed 6.12.56
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 1
- CVE-2025-40353Dec 16, 2025affected >= 6.11.0, < 6.12.56fixed 6.12.56
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copy_highpage() The arm64 copy_highpage() assumes that the destination page is newly allocated and not MTE-tagged (PG_mte_tagged unset) and warns accordi
- CVE-2025-40352Dec 16, 2025affected >= 6.14.0, < 6.17.6fixed 6.17.6
In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG:
- CVE-2025-40351Dec 16, 2025affected >= 3.14.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T93
- CVE-2025-40350Dec 16, 2025affected >= 6.4.0, < 6.6.115fixed 6.6.115
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ XDP programs can change the layout of an xdp_buff through bpf_xdp_adjust_tail() and bpf_xdp_adjust_head(). Therefore, the driver cannot
- CVE-2025-40349Dec 16, 2025affected >= 2.6.12, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_allo
- CVE-2025-40348Dec 16, 2025affected >= 6.12.54, < 6.12.56fixed 6.12.56
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts() and one of them fails to allocate the object extension vector, it might override the valid slab->ob
- CVE-2025-40347Dec 16, 2025affected >= 5.12.0, < 6.6.115fixed 6.6.115
In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the re
- CVE-2025-40346Dec 16, 2025affected >= 5.7.0, < 5.10.246fixed 5.10.246
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Fix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity() which causes the code to proceed with NULL clock pointers. The c
- CVE-2025-40345Dec 12, 2025affected >= 2.6.12, < 5.10.247fixed 5.10.247
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report val
Page 57 of 88