In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu().

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions.

A buffer overflow flaw was found in of_modalias() in the Linux kernel, occurring after the first snprintf() call. This issue could result in loss of availability of the system.

A denial of service vulnerability exists in the Linux kernel. A possible divide-by-0 is in the padata_mt_helper() function when the ps->chunk_size is 0. This vulnerability could result in a loss of system availability.

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6().

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration.

In the Linux kernel, the following vulnerability has been resolved: fscache: Fix oops due to race with cookie_lru and use_cookie.

In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed.

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach().

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails.

In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage.

In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir().

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout.

In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: Fix potential null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version.

Linux Kernel is vulnerable to a denial of service, caused by a flaw related to rtnl pressure in smc_pnet_create_pnetids_list(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Linux Kernel is vulnerable to a denial of service, caused by improper validation of setsockopt user input. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data.

Linux Kernel is vulnerable to a denial of service, caused by not validating setsockopt user input by the Bluetooth: RFCOMM module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

This CVE pertains to a vulnerability in the Linux kernel's Bluetooth subsystem, specifically within the SCO (Synchronous Connection-Oriented) protocol. The issue arises from the sco_sock_setsockopt() function, which copies data without properly validating the length of user input. This oversight can lead to a slab-out-of-bounds read, potentially causing system instability or crashes.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect().

Linux Kernel is vulnerable to a denial of service, caused by missing firmware sanity checks. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init().

In the Linux kernel, the following vulnerability has been resolved: sock_map: avoid race between sock_map_close and sk_psock_put.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry.

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG.

In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race.

In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data().

Linux Kernel is vulnerable to a denial of service, caused by a resource exhaustion in ice/ice_ethtool_fdir.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service.

In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release.

In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal.

Linux Kernel is vulnerable to a denial of service, caused by a flaw related to the first directory block is a hole. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Linux Kernel is vulnerable to a denial of service, caused by not checking dot and dotdot of dx_root before making dir indexed. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Linux Kernel is vulnerable to a denial of service, caused by improper initialization in i_uid/i_gid. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set.

In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level().

Linux Kernel is vulnerable to a denial of service, caused by a flaw in flow_dissector.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

Linux Kernel is vulnerable to a denial of service, caused by a flaw in dm-raid.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs().

In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit.

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy().

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault.

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show().

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow.

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device().

Linux Kernel is vulnerable to a denial of service, caused by a Null pointer dereference in ext4_force_shutdown of 'ext4: sanity'. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses.

In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling.

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc().

In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues.

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port.

A vulnerability in the Linux kernel's driver core related to uevent_show() and driver detach has been identified. The issue involved a race condition where uevent_show() attempted to dereference dev->driver->name, leading to a potential deadlock due to improper locking. While this could cause system instability, an attacker would need the ability to manipulate device attributes and timing precisely, making exploitation impractical.

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc.

In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset.

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update.

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check.

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req.

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available.

In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails.

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0.

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure.

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access.

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning.

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots.

In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup.

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().

In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tst_run from lwt_seg6local_prog_ops.

A vulnerability in the Linux kernel's hwmon subsystem (w83627ehf driver) has been identified, where writing large negative values (e.g., -9223372036854775808) to limit attributes caused an underflow due to improper ordering of operations in DIV_ROUND_CLOSEST(). An attacker with write access to these attributes could potentially trigger unexpected behavior or system instability.

A buffer underrun vulnerability was found in the Linux kernel. DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number, such as -9223372036854775808, is provided by the user, resulting in loss of availability of the system.

In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes.

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv.

In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().

In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF.

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs.

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend.

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry.

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix smatch static checker warning.

A performance issue in the Linux Kernel's workqueue subsystem can cause hard lockups on high-CPU systems during operations like CPU hotplugging. The issue arises from contention when multiple CPUs update the global wq_watchdog_touched variable, leading to degraded performance and lockups in workqueue management routines.

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug.

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX.

In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data.

In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily.

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc().

In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put().

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy.

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0.

In the Linux kernel, the following vulnerability has been resolved: ext4: check stripe size compatibility on remount as well.

In the Linux kernel, the following vulnerability has been resolved: bpf, lsm: Add check for BPF LSM return value.

In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition.

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain.

In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free().

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop().

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix oops on non-dbdc mt7986.

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts.

In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation.

In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't use rate mask for offchannel TX either.

In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow.

In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages().

In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly.

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR.

Linux Kernel is vulnerable to a denial of service, caused by a flaw in nvme-rdma.

In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure.

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search.

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method.

In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi().

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file().

In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning.

In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed().

In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent().

In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path.

In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent().

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at().

In the Linux kernel, the following vulnerability has been resolved: mm, slub: avoid zeroing kmalloc redzone.

In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug.

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf().

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue.

In the Linux kernel, the following vulnerability has been resolved: x86/ioapic: Handle allocation failures gracefully.

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid reading out of bounds when loading TX power FW elements.

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats.

In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts.

In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name.

In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin().

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit.

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER.

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input().

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed.

In the Linux kernel, the following vulnerability has been resolved: static_call: Replace pointless WARN_ON() in static_call_module_notify().

In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error.

In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount.

In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package().

In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1.

In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummy_boolean.

In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125.

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations.

In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma.

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs.

In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free.

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer.

A vulnerability has been identified in the Linux kernel's IOMMU (iommu/vt-d) subsystem, where calling qi_submit_sync() with zero invalidation descriptors could lead to a soft lockup due to misinterpreted descriptor statuses. An attacker with control over IOMMU operations could potentially trigger a deadlock, causing system instability.

In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD.

A string buffer over-run was found in the Linux kernel. Copying media_name and if_name to name_parts may overwrite the destination, resulting in a software crash.

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag.

In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module().

In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext().

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value.

In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap().

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path.

In the Linux kernel, the following vulnerability has been resolved: ext4: dax: fix overflowing extents beyond inode size when partially writing.

A vulnerability has been identified in the Linux kernel's networking (net: napi) subsystem, where an integer overflow in napi_defer_hard_irqs allowed writing values exceeding S32_MAX, causing unintended negative values. This could lead to unexpected behavior in NAPI IRQ deferral, potentially impacting network performance. An attacker with sysfs write access could exploit this to manipulate IRQ handling inconsistently.

In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread.

In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping().

In the Linux kernel, the following vulnerability has been resolved: net: phy: Remove LED entry from LEDs list on unregister.

In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list.

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone.

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Reference count the zone in thermal_zone_get_by_id().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync.

In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets.

In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access.

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed.

In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change.

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies().

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption.

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register().

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Free IRQ only if it was requested before.

In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too.

In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names.

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args.

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux.

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access.

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload.

In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx.

In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race.

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload.

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices.

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue.

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid.

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses.

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size().

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords.

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net.

In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump().

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change().

In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy.

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace.

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context.

In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad.

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent.

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request.

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea().

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device().

In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect.

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap.

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb().

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map.

In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails.

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent().

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors.

In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node().

Linux Kernel is vulnerable to a denial of service, caused by a flaw in mm/swapfile. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

Linux Kernel is vulnerable to a denial of service, caused by a flaw in maple_tree. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones.

In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive.

In the Linux kernel, the following vulnerability has been resolved: xfs: fix finding a last resort AG in xfs_filestream_pick_ag.

A vulnerability in the Linux kernel's memory management (mm/page_alloc) has been identified, where GFP_ATOMIC order-0 allocations could fail under memory pressure, despite available highatomic reserves. This issue caused packet loss in high-performance networking environments, as observed on Cloudflare's fleet. An attacker could theoretically exploit this by inducing high memory contention, potentially impacting real-time operations. However, since the fix ensures proper fallback behavior without introducing a security risk, the issue has been rejected as a CVE.

A vulnerability was identified in the Linux kernel’s shmem subsystem, where a data race in shmem_getattr() could cause inconsistent inode timestamps due to concurrent access by generic_fillattr() and operations like shmem_unlink() or shmem_mknod(). This issue, detected by Kernel Concurrency Sanitizer (KCSAN), could lead to unexpected behavior when retrieving file attributes. An attacker could potentially exploit this by triggering rapid file operations to induce race conditions, causing unpredictable system responses.

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free.

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Fix memory leak in management tx.

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower.

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet.

In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic.

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read().

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read().

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb().

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find().

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow().

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext().

In the Linux kernel, the following vulnerability has been resolved: mptcp: init: protect sched with rcu_read_lock.

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in hdcp2_get_capability.

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability.

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction.

In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd().

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported.

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended.

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available.

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal.

In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check.

In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first.

In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx.

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace.

In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour.

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc.

In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer.

In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare().

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error.

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling.

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak.

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow.

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active.

In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect.

In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc.

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path.

In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()".

In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun.

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow.

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert().

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service().

In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu.

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow.

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment.

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth().

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open().

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cache_show.

A deadlock condition exists in the Linux kernel. During the probe of rtl8192cu, the driver ends-up performing an refuse read procedure and the read_efuse() function calls read_efuse_byte() based on the efuse size.

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove.

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync.

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation.

In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show().

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Move events notifier registration to be after device registration.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child().

In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis.

A vulnerability was suspected in the Linux kernel's SMB client module related to TCP timers and potential deadlocks after module removal (rmmod cifs). The issue stemmed from incorrect manual manipulation of sk->sk_net_refcnt, which led to TCP timers not being properly cleared, causing lockdep warnings and deadlocks. However, this was an internal kernel misconfiguration affecting cleanup behavior rather than a security flaw exploitable by an attacker. Since no privilege escalation or data exposure was possible, this does not qualify as a security vulnerability.

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg().

In the Linux kernel, the following vulnerability has been resolved: udmabuf: change folios array from kmalloc to kvmalloc.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free.

In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show.

A vulnerability was found in the i3c_master_put_i3c_addrs() function in the Linux kernel's i3c driver. A memory management issue can occur due to a copy-paste error between "dyn_addr" and "init_dyn_addr", which leads to incorrect handling of memory, potentially causing resource mismanagement and instability within the system.

A use-after-free list corruption vulnerability was found in the Linux kernel. If an allocated object fails in alloc_consistency_checks, all objects of the slab will be marked as used and the slab will be removed from the partial list. When an object belonging to the slab gets freed later, the remove_full() function is called. Since the slab is neither on the partial list nor on the full list, it eventually leads to a list corruption.

In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function.

A use-after-free vulnerability was found in the Linux kernel. The Bluetooth firmware isn't checked if skb contains an ACL header, otherwise the code may attempt to access some uninitialized or invalid memory past the valid skb->data.

A flaw was found in the Bluetooth subsystem of the Linux kernel, in the handling of delayed work within the hci_conn (Host Controller Interface connection) structure. The kernel used cancel_delayed_work_sync() when shutting down a connection, which cancels ongoing work but allows rescheduling. This could result in use-after-free conditions if the work is resubmitted after the associated object has been freed. Replacing it with disable_delayed_work_sync() prevents further scheduling, ensuring proper cleanup. A local attacker could potentially exploit this to trigger a use-after-free, leading to a denial of service or possible code execution.

In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create().

In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create().

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create().

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM.

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements.

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check.

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload.

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release().

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer().

Linux Kernel is vulnerable to a denial of service, caused by a dst objects leak in ip6_negative_advice() when executed for an expired IPv6 route located in the exception table.

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating.

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one.

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close().

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine.

In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport.

In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds.

In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid->tcon before performing network ops.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect.

In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully.

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level.

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req().

A flaw was found in the PCI-imx6 module in the Linux kernel. The suspend/resume support is missing in the i.MX6QDL platforms, allowing certain drivers, such as ath10k and iwlwifi, to crash after resuming, causing a kernel hang and a denial of service.

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc.

Linux Kernel is vulnerable to a denial of service, caused by a flaw related to hci_get_route holds the device before returning in Bluetooth.

In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite.

In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker.

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue.

A vulnerability was identified in the Linux kernel's Bluetooth: hci_core package, where a sleeping function (mutex_lock) was improperly invoked from an invalid context within the HCI event handling workqueue, potentially leading to kernel warnings or deadlocks. An attacker exploiting this flaw could trigger crafted Bluetooth events or malformed packets to indirectly cause system instability or denial of service through workqueue execution paths.

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up.

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end.

In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions.

In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir().

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc.

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap().

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame.

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned modules can be loaded, leading to execution of untrusted code breaking breaking any Secure Boot protection. This vulnerability affects only Fedora Linux.

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length.

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree.

In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space].

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition.

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes.

In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb().

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore.