linux package

kernel

pkg:linux/kernel

Vulnerabilities (1,755)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-39979		—	>= 6.14.0, < 6.16.10	6.16.10	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init
CVE-2025-39978		—	>= 5.14.0, < 6.1.155	6.1.155	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a
CVE-2025-39977		—	>= 5.15.0, < 6.1.155	6.1.155	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule()
CVE-2025-39976		—	>= 6.16.0, < 6.16.10	6.16.10	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither
CVE-2025-39975		—	< 6.6.109	6.6.109	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op(), the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing
CVE-2025-39974		—	>= 6.16.0, < 6.16.10	6.16.10	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write() syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+
CVE-2025-39973		—	>= 3.12.0, < 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introdu
CVE-2025-39972		—	>= 4.17.0, < 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map().
CVE-2025-39971		—	>= 4.17.0, < 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
CVE-2025-39970		—	>= 4.17.0, < 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.
CVE-2025-39969		—	< 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources.
CVE-2025-39968		—	>= 4.17.0, < 5.4.300	5.4.300	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.
CVE-2023-52904		—	>= 5.15.152, < 5.15.168	5.15.168	Aug 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.
CVE-2022-3786	Hig	7.5	>= b653db77350c7307a513b81856fe53e94cf42446	—	Nov 1, 2022	A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue ce
CVE-2022-3602	Hig	7.5	>= b653db77350c7307a513b81856fe53e94cf42446	—	Nov 1, 2022	A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue

CVE-2025-39979Oct 15, 2025
affected >= 6.14.0, < 6.16.10fixed 6.16.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init
CVE-2025-39978Oct 15, 2025
affected >= 5.14.0, < 6.1.155fixed 6.1.155
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a
CVE-2025-39977Oct 15, 2025
affected >= 5.15.0, < 6.1.155fixed 6.1.155
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futex_wait_requeue_pi() futex_do_wait() schedule()
CVE-2025-39976Oct 15, 2025
affected >= 6.16.0, < 6.16.10fixed 6.16.10
In the Linux kernel, the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wrong error exit path from futex_hash_allocate_default(). After exiting from futex_hash_allocate_default(), neither
CVE-2025-39975Oct 15, 2025
affected < 6.6.109fixed 6.6.109
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op(), the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing
CVE-2025-39974Oct 15, 2025
affected >= 6.16.0, < 6.16.10fixed 6.16.10
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write() syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in _parse_integer_limit+
CVE-2025-39973Oct 15, 2025
affected >= 3.12.0, < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introdu
CVE-2025-39972Oct 15, 2025
affected >= 4.17.0, < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map().
CVE-2025-39971Oct 15, 2025
affected >= 4.17.0, < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
CVE-2025-39970Oct 15, 2025
affected >= 4.17.0, < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.
CVE-2025-39969Oct 15, 2025
affected < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources.
CVE-2025-39968Oct 15, 2025
affected >= 4.17.0, < 5.4.300fixed 5.4.300
In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.
CVE-2023-52904Aug 21, 2024
affected >= 5.15.152, < 5.15.168fixed 5.15.168
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.
CVE-2022-3786HigNov 1, 2022
affected >= b653db77350c7307a513b81856fe53e94cf42446
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue ce
CVE-2022-3602HigNov 1, 2022
affected >= b653db77350c7307a513b81856fe53e94cf42446
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue

Page 88 of 88