VYPR

Vendor CVEs

Linux

All CVEs

15,998 total · sorted by risk
  • CVE-2025-38660MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem…

  • CVE-2025-38658MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls…

  • CVE-2025-38655MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer…

  • CVE-2025-38654MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_register() to prevent using…

  • CVE-2025-38651MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: landlock: Fix warning from KUnit tests get_id_range() expects a positive value as first argument but get_random_u8() can return 0. Fix this by clamping it. Validated by running the test in a for loop for…

  • CVE-2025-38650MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 …

  • CVE-2025-38649MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the…

  • CVE-2025-38648MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its…

  • CVE-2025-38647MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the…

  • CVE-2025-38646MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the…

  • CVE-2025-38645MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails.

  • CVE-2025-38644MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before…

  • CVE-2025-38643MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the…

  • CVE-2025-38642MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix WARN_ON for monitor mode on some devices On devices without WANT_MONITOR_VIF (and probably without channel context support) we get a WARN_ON for changing the per-link setting of a monitor…

  • CVE-2025-38641MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure properly.

  • CVE-2025-38640MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the…

  • CVE-2025-38639MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] …

  • CVE-2025-38638MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ipv6: add a retry logic in net6_rt_notify() inet6_rt_notify() can be called under RCU protection only. This means the route could be changed concurrently and rt6_fill_node() could return -EMSGSIZE. Re-size…

  • CVE-2025-38635MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a…

  • CVE-2025-38634MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent…

  • CVE-2025-38633MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1_d8 as critical The pll1_d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that…

  • CVE-2025-38631MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010…

  • CVE-2025-38630MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays…

  • CVE-2025-38629MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's…

  • CVE-2025-38628MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in…

  • CVE-2025-38626MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at…

  • CVE-2025-38625MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following WARN_ON() trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at…

  • CVE-2025-38624MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event…

  • CVE-2025-38623MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal…

  • CVE-2025-38622MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may…

  • CVE-2025-38621MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm:…

  • CVE-2025-38619MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue. This…

  • CVE-2024-58239MedAug 22, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list…

  • CVE-2025-38615MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file…

  • CVE-2025-38614MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some…

  • CVE-2025-38613MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copyied back to…

  • CVE-2025-38612MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is…

  • CVE-2025-38610MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes…

  • CVE-2025-38609MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it.…

  • CVE-2025-38608MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data…

  • CVE-2025-38607MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC…

  • CVE-2025-38606MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar)…

  • CVE-2025-38605MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar…

  • CVE-2025-38604MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed…

  • CVE-2025-38602MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.

  • CVE-2025-38601MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First…

  • CVE-2025-38600MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to prevent an out of bounds access.

  • CVE-2025-38597MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available…

  • CVE-2025-38591MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at…

  • CVE-2025-38590MedAug 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed…

Page 100 of 320