linux package
kernel
pkg:linux/kernel
Vulnerabilities (1,755)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40097 | — | >= 5.17.0, < 6.12.59 | 6.12.59 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenc | ||
| CVE-2025-40096 | — | >= 5.16.0, < 6.1.158 | 6.1.158 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure, | ||
| CVE-2025-40095 | — | >= 2.6.27, < 6.1.158 | 6.1.158 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, | ||
| CVE-2025-40094 | — | >= 2.6.27, < 5.15.196 | 5.15.196 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea | ||
| CVE-2025-40093 | — | >= 2.6.27, < 6.1.158 | 6.1.158 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea | ||
| CVE-2025-40092 | — | >= 2.6.38, < 5.15.196 | 5.15.196 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea | ||
| CVE-2025-40091 | — | >= 6.16.0, < 6.17.5 | 6.17.5 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free() to the end. | ||
| CVE-2025-40089 | — | >= 6.15.0, < 6.17.5 | 6.17.5 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. [ 51.9 | ||
| CVE-2025-40088 | — | >= 2.6.12, < 5.4.301 | 5.4.301 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 1 | ||
| CVE-2025-40087 | — | >= 4.8.0, < 5.4.301 | 5.4.301 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. | ||
| CVE-2025-40086 | — | >= 6.8.0, < 6.17.5 | 6.17.5 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL poin | ||
| CVE-2025-40085 | — | < 5.15.196 | 5.15.196 | Oct 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which wil | ||
| CVE-2025-40084 | — | >= 5.15.0, < 6.1.158 | 6.1.158 | Oct 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed | ||
| CVE-2025-40083 | — | >= 3.8.0, < 5.4.302 | 5.4.302 | Oct 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it, | ||
| CVE-2023-7324 | — | >= 2.6.25, < 4.14.308 | 4.14.308 | Oct 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process(). | ||
| CVE-2025-40081 | — | >= 4.15.0, < 5.4.301 | 5.4.301 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB). | ||
| CVE-2025-40080 | — | >= 5.4.0, < 6.1.156 | 6.1.156 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutd | ||
| CVE-2025-40079 | — | >= 6.6.0, < 6.12.53 | 6.12.53 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current test_prog | ||
| CVE-2025-40078 | — | >= 4.18.0, < 5.4.301 | 5.4.301 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: e | ||
| CVE-2025-40077 | — | >= 5.8.0, < 6.6.117 | 6.6.117 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation. |
- CVE-2025-40097Oct 30, 2025affected >= 5.17.0, < 6.12.59fixed 6.12.59
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenc
- CVE-2025-40096Oct 30, 2025affected >= 5.16.0, < 6.1.158fixed 6.1.158
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,
- CVE-2025-40095Oct 30, 2025affected >= 2.6.27, < 6.1.158fixed 6.1.158
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request,
- CVE-2025-40094Oct 30, 2025affected >= 2.6.27, < 5.15.196fixed 5.15.196
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea
- CVE-2025-40093Oct 30, 2025affected >= 2.6.27, < 6.1.158fixed 6.1.158
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea
- CVE-2025-40092Oct 30, 2025affected >= 2.6.38, < 5.15.196fixed 5.15.196
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, lea
- CVE-2025-40091Oct 30, 2025affected >= 6.16.0, < 6.17.5fixed 6.17.5
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free() to the end.
- CVE-2025-40089Oct 30, 2025affected >= 6.15.0, < 6.17.5fixed 6.17.5
In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. [ 51.9
- CVE-2025-40088Oct 30, 2025affected >= 2.6.12, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ================================================================== [ 1
- CVE-2025-40087Oct 30, 2025affected >= 4.8.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.
- CVE-2025-40086Oct 30, 2025affected >= 6.8.0, < 6.17.5fixed 6.17.5
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL poin
- CVE-2025-40085Oct 29, 2025affected < 5.15.196fixed 5.15.196
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card In try_to_register_card(), the return value of usb_ifnum_to_if() is passed directly to usb_interface_claimed() without a NULL check, which wil
- CVE-2025-40084Oct 29, 2025affected >= 5.15.0, < 6.1.158fixed 6.1.158
In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed
- CVE-2025-40083Oct 29, 2025affected >= 3.8.0, < 5.4.302fixed 5.4.302
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix null-deref in agg_dequeue To prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c) when cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return value before using it,
- CVE-2023-7324Oct 29, 2025affected >= 2.6.25, < 4.14.308fixed 4.14.308
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().
- CVE-2025-40081Oct 28, 2025affected >= 4.15.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB).
- CVE-2025-40080Oct 28, 2025affected >= 5.4.0, < 6.1.156fixed 6.1.156
In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 ("nbd: verify socket is supported during setup") made sure the socket supported a shutd
- CVE-2025-40079Oct 28, 2025affected >= 6.6.0, < 6.12.53fixed 6.12.53
In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct ops return values properly The ns_bpf_qdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58 Current test_prog
- CVE-2025-40078Oct 28, 2025affected >= 4.18.0, < 5.4.301fixed 5.4.301
In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which triggers: verifier bug: e
- CVE-2025-40077Oct 28, 2025affected >= 5.8.0, < 6.6.117fixed 6.6.117
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation.
Page 79 of 88