linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40344 | — | >= 6.12.0, < 6.12.58 | 6.12.58 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the | ||
| CVE-2025-40343 | — | >= 4.8.0, < 5.15.197 | 5.15.197 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and then nvmet_disable_por | ||
| CVE-2025-40342 | — | >= 4.10.0, < 5.10.247 | 5.10.247 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reco | ||
| CVE-2025-40341 | — | >= 2.6.17, < 6.1.159 | 6.1.159 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another task's robust_list pointer | ||
| CVE-2025-40340 | — | >= 6.8.0, < 6.12.58 | 6.12.58 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic | ||
| CVE-2025-40339 | — | >= 4.2.0, < 6.12.58 | 6.12.58 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before amdgpu_vm_handle_moved. | ||
| CVE-2025-40338 | — | >= 5.19.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, upd | ||
| CVE-2025-40337 | — | >= 3.2.0, < 6.6.117 | 6.6.117 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a | ||
| CVE-2025-40336 | — | >= 6.15.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like mapping memory which is ou | ||
| CVE-2025-40335 | — | >= 6.16.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place. | ||
| CVE-2025-40334 | — | >= 6.16.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping. | ||
| CVE-2025-40333 | — | >= 3.8.0, < 6.6.117 | 6.6.117 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and p | ||
| CVE-2025-40332 | — | < 6.12.58 | 6.12.58 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svm_range_restore_pages calls mmap_read_unlock then returns. This caus | ||
| CVE-2025-40331 | — | >= 4.7.0, < 5.4.302 | 5.4.302 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bounds in case the address l | ||
| CVE-2025-40330 | — | >= 6.13.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new ker | ||
| CVE-2025-40329 | — | >= 6.2.0, < 6.6.117 | 6.6.117 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: [ 1231.611031] Possible interrupt unsafe locking scenario: [ 1231.611033] CPU0 | ||
| CVE-2025-40328 | — | >= 6.1.0, < 6.6.117 | 6.6.117 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab a new reference after kref_put() had seen the refcount drop to zero but before cfid_list_lock is acquired in smb2 | ||
| CVE-2025-40327 | — | >= 6.17.0, < 6.17.8 | 6.17.8 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool can trigger a system hang, which got bisected back to the following commit by Octavia Togami: 18dbcbfabfff ("pe | ||
| CVE-2023-53866 | — | >= 5.17.0, < 6.1.16 | 6.1.16 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcm_mutex If panic_on_warn is set and compress stream(DPCM) is started, then kernel panic occurred because card->pcm_mutex isn't held appropriately. In the following funct | ||
| CVE-2023-53865 | — | < 5.4.251 | 5.4.251 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a transaction abort with qgroups enabled we get a warning triggered when doing the final put on the transaction, like this |
- CVE-2025-40344Dec 9, 2025affected >= 6.12.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the
- CVE-2025-40343Dec 9, 2025affected >= 4.8.0, < 5.15.197fixed 5.15.197
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and then nvmet_disable_por
- CVE-2025-40342Dec 9, 2025affected >= 4.10.0, < 5.10.247fixed 5.10.247
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reco
- CVE-2025-40341Dec 9, 2025affected >= 2.6.17, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling task is allowed to access another task's robust_list pointer
- CVE-2025-40340Dec 9, 2025affected >= 6.8.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic
- CVE-2025-40339Dec 9, 2025affected >= 4.2.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always NULL. So, such kind of amdgpu_bo_va should be updated separately before amdgpu_vm_handle_moved.
- CVE-2025-40338Dec 9, 2025affected >= 5.19.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, upd
- CVE-2025-40337Dec 9, 2025affected >= 3.2.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a
- CVE-2025-40336Dec 9, 2025affected >= 6.15.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M), otherwise we can potentially end up doing something nasty like mapping memory which is ou
- CVE-2025-40335Dec 9, 2025affected >= 6.16.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place.
- CVE-2025-40334Dec 9, 2025affected >= 6.16.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to determine whether it is residented in a valid vm mapping.
- CVE-2025-40333Dec 9, 2025affected >= 3.8.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and p
- CVE-2025-40332Dec 9, 2025affected < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svm_range_restore_pages calls mmap_read_unlock then returns. This caus
- CVE-2025-40331Dec 9, 2025affected >= 4.7.0, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump() make sure not to exceed bounds in case the address l
- CVE-2025-40330Dec 9, 2025affected >= 6.13.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be FW DMA for trace logging (recently added) that will continue. If we kexec to a new ker
- CVE-2025-40329Dec 9, 2025affected >= 6.2.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: [ 1231.611031] Possible interrupt unsafe locking scenario: [ 1231.611033] CPU0
- CVE-2025-40328Dec 9, 2025affected >= 6.1.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_close_cached_fid() find_or_create_cached_dir() could grab a new reference after kref_put() had seen the refcount drop to zero but before cfid_list_lock is acquired in smb2
- CVE-2025-40327Dec 9, 2025affected >= 6.17.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool can trigger a system hang, which got bisected back to the following commit by Octavia Togami: 18dbcbfabfff ("pe
- CVE-2023-53866Dec 9, 2025affected >= 5.17.0, < 6.1.16fixed 6.1.16
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcm_mutex If panic_on_warn is set and compress stream(DPCM) is started, then kernel panic occurred because card->pcm_mutex isn't held appropriately. In the following funct
- CVE-2023-53865Dec 9, 2025affected < 5.4.251fixed 5.4.251
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a transaction abort with qgroups enabled we get a warning triggered when doing the final put on the transaction, like this
Page 58 of 88