linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40202 | — | >= 5.19.0, < 6.1.157 | 6.1.157 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more i | ||
| CVE-2025-40201 | — | >= 5.18.0, < 6.1.157 | 6.1.157 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does ge | ||
| CVE-2025-40200 | — | >= 2.6.29, < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system retur | ||
| CVE-2025-40199 | — | < 6.12.54 | 6.12.54 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is s | ||
| CVE-2025-40198 | — | >= 2.6.36, < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount | ||
| CVE-2025-40197 | — | < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released. | ||
| CVE-2025-40196 | — | < 6.6.114 | 6.6.114 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened fil | ||
| CVE-2025-40195 | — | >= 6.11.0, < 6.12.54 | 6.12.54 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully. | ||
| CVE-2025-40194 | — | >= 5.4.0, < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() | ||
| CVE-2025-40193 | — | >= 3.9.0, < 6.1.157 | 6.1.157 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit | ||
| CVE-2025-40192 | — | >= 6.2.0, < 6.6.113 | 6.6.113 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if th | ||
| CVE-2025-40191 | — | >= 6.16.0, < 6.17.4 | 6.17.4 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Callin | ||
| CVE-2025-40190 | — | < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). | ||
| CVE-2025-40189 | — | >= 6.14.0, < 6.17.4 | 6.17.4 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) ( | ||
| CVE-2025-40188 | — | >= 4.9.0, < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kern | ||
| CVE-2025-40187 | — | >= 4.17.0, < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0 and sctp_ulpevent_make_authkey() returns 0, then the variable ai_ev | ||
| CVE-2025-40186 | — | < 5.4.301 | 5.4.301 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket is being processed in tcp_conn_request(), | ||
| CVE-2025-40185 | — | >= 6.11.0, < 6.12.54 | 6.12.54 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same ind | ||
| CVE-2025-40184 | — | >= 6.16.0, < 6.17.4 | 6.17.4 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIG_NVHE_EL2_DEBUG then the debug checking in assert_host_shared_guest() fails on the launch of a | ||
| CVE-2025-40183 | — | >= 5.10.0, < 5.10.246 | 5.10.246 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in orde |
- CVE-2025-40202Nov 12, 2025affected >= 5.19.0, < 6.1.157fixed 6.1.157
In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more i
- CVE-2025-40201Nov 12, 2025affected >= 5.18.0, < 6.1.157fixed 6.1.157
In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does ge
- CVE-2025-40200Nov 12, 2025affected >= 2.6.29, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system retur
- CVE-2025-40199Nov 12, 2025affected < 6.12.54fixed 6.12.54
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is s
- CVE-2025-40198Nov 12, 2025affected >= 2.6.36, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount
- CVE-2025-40197Nov 12, 2025affected < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released.
- CVE-2025-40196Nov 12, 2025affected < 6.6.114fixed 6.6.114
In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened fil
- CVE-2025-40195Nov 12, 2025affected >= 6.11.0, < 6.12.54fixed 6.12.54
In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully.
- CVE-2025-40194Nov 12, 2025affected >= 5.4.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request()
- CVE-2025-40193Nov 12, 2025affected >= 3.9.0, < 6.1.157fixed 6.1.157
In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit
- CVE-2025-40192Nov 12, 2025affected >= 6.2.0, < 6.6.113fixed 6.6.113
In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if th
- CVE-2025-40191Nov 12, 2025affected >= 6.16.0, < 6.17.4fixed 6.17.4
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Callin
- CVE-2025-40190Nov 12, 2025affected < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1).
- CVE-2025-40189Nov 12, 2025affected >= 6.14.0, < 6.17.4fixed 6.17.4
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 (unnamed net_device) (
- CVE-2025-40188Nov 12, 2025affected >= 4.9.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kern
- CVE-2025-40187Nov 12, 2025affected >= 4.17.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0 and sctp_ulpevent_make_authkey() returns 0, then the variable ai_ev
- CVE-2025-40186Nov 12, 2025affected < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket is being processed in tcp_conn_request(),
- CVE-2025-40185Nov 12, 2025affected >= 6.11.0, < 6.12.54fixed 6.12.54
In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same ind
- CVE-2025-40184Nov 12, 2025affected >= 6.16.0, < 6.17.4fixed 6.17.4
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIG_NVHE_EL2_DEBUG then the debug checking in assert_host_shared_guest() fails on the launch of a
- CVE-2025-40183Nov 12, 2025affected >= 5.10.0, < 5.10.246fixed 5.10.246
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in orde
Page 74 of 88