linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40304 | — | >= 2.6.12, < 5.4.302 | 5.4.302 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of | ||
| CVE-2025-40303 | — | >= 3.10.0, < 6.6.117 | 6.6.117 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure no dirty metadata is written back for an fs with errors [BUG] During development of a minor feature (make sure all btrfs_bio::end_io() is called in task context), I noticed a crash in generic/388, | ||
| CVE-2025-40302 | — | >= 6.10.0, < 6.12.58 | 6.12.58 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid remove_bufs when legacy fileio is active vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode | ||
| CVE-2025-40301 | — | >= 6.1.0, < 6.1.159 | 6.1.159 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the r | ||
| CVE-2025-40299 | — | >= 6.17.0, < 6.17.8 | 6.17.8 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64 | ||
| CVE-2025-40298 | — | >= 6.17.0, < 6.17.8 | 6.17.8 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: gve: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference. | ||
| CVE-2025-40297 | — | >= 5.18.0, < 6.1.159 | 6.1.159 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being del | ||
| CVE-2025-40296 | — | >= 6.16.0, < 6.17.8 | 6.17.8 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads t | ||
| CVE-2025-40295 | — | >= 6.15.0, < 6.17.8 | 6.17.8 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT When simulating an nvme device on qemu with both logical_block_size and physical_block_size set to 8 KiB, an error trace appears during parti | ||
| CVE-2025-40294 | — | < 6.1.159 | 6.1.159 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251). The size of the | ||
| CVE-2025-40293 | — | >= 6.1.0, < 6.1.159 | 6.1.159 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Don't overflow during division for dirty tracking If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow to 0 and this triggers divide by 0. In this case the index should just be | ||
| CVE-2025-40292 | — | >= 6.1.0, < 6.1.159 | 6.1.159 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX | ||
| CVE-2025-40291 | — | >= 6.15.0, < 6.17.8 | 6.17.8 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later | ||
| CVE-2025-40290 | — | >= 6.17.0, < 6.17.11 | 6.17.11 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor production"), the descriptor number is stored in skb control block and xsk_cq_submit_addr_locked() | ||
| CVE-2025-40289 | — | >= 4.2.0, < 6.12.59 | 6.12.59 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash. | ||
| CVE-2025-40288 | — | >= 4.2.0, < 6.1.159 | 6.1.159 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_mana | ||
| CVE-2025-40287 | — | >= 6.8.0, < 6.12.59 | 6.12.59 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malform | ||
| CVE-2025-40286 | — | >= 5.15.0, < 6.1.159 | 6.1.159 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree(). | ||
| CVE-2025-40285 | — | < 6.1.159 | 6.1.159 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put(). | ||
| CVE-2025-40284 | — | >= 6.1.0, < 6.1.159 | 6.1.159 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT remo |
- CVE-2025-40304Dec 8, 2025affected >= 2.6.12, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of
- CVE-2025-40303Dec 8, 2025affected >= 3.10.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure no dirty metadata is written back for an fs with errors [BUG] During development of a minor feature (make sure all btrfs_bio::end_io() is called in task context), I noticed a crash in generic/388,
- CVE-2025-40302Dec 8, 2025affected >= 6.10.0, < 6.12.58fixed 6.12.58
In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid remove_bufs when legacy fileio is active vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode
- CVE-2025-40301Dec 8, 2025affected >= 6.1.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the r
- CVE-2025-40299Dec 8, 2025affected >= 6.17.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptp_clock for sole use of do_aux_work at this time. ptp_clock_gettime() and ptp_sys_offset() assume every ptp_clock has implemented either gettimex64
- CVE-2025-40298Dec 8, 2025affected >= 6.17.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: gve: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference.
- CVE-2025-40297Dec 8, 2025affected >= 5.18.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being del
- CVE-2025-40296Dec 8, 2025affected >= 6.16.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Fix double free of GPIO device during unregister regulator_unregister() already frees the associated GPIO device. On ThinkPad X9 (Lunar Lake), this causes a double free issue that leads t
- CVE-2025-40295Dec 8, 2025affected >= 6.15.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT When simulating an nvme device on qemu with both logical_block_size and physical_block_size set to 8 KiB, an error trace appears during parti
- CVE-2025-40294Dec 8, 2025affected < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251). The size of the
- CVE-2025-40293Dec 8, 2025affected >= 6.1.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: iommufd: Don't overflow during division for dirty tracking If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow to 0 and this triggers divide by 0. In this case the index should just be
- CVE-2025-40292Dec 8, 2025affected >= 6.1.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 ("virtio-net: use mtu size as buffer length for big packets"), when guest gso is off, the allocated size for big packets is not MAX
- CVE-2025-40291Dec 8, 2025affected >= 6.15.0, < 6.17.8fixed 6.17.8
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later
- CVE-2025-40290Dec 8, 2025affected >= 6.17.0, < 6.17.11fixed 6.17.11
In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor production"), the descriptor number is stored in skb control block and xsk_cq_submit_addr_locked()
- CVE-2025-40289Dec 6, 2025affected >= 4.2.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.
- CVE-2025-40288Dec 6, 2025affected >= 4.2.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_mana
- CVE-2025-40287Dec 6, 2025affected >= 6.8.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malform
- CVE-2025-40286Dec 6, 2025affected >= 5.15.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().
- CVE-2025-40285Dec 6, 2025affected < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put().
- CVE-2025-40284Dec 6, 2025affected >= 6.1.0, < 6.1.159fixed 6.1.159
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT remo
Page 69 of 88