Main Vulnerability Database SB2025052403

SB2025052403 - Debian update for linux

Published: May 24, 2025 Updated: November 14, 2025

Security Bulletin ID SB2025052403

Severity

High

Patch available

YES

Number of vulnerabilities 55

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 55 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2024-26618)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fpsimd_release_task() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

2) Resource management error (CVE-ID: CVE-2024-26783)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the numamigrate_isolate_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.

3) Buffer overflow (CVE-ID: CVE-2024-26807)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cqspi_remove(), cqspi_suspend() and cqspi_resume() functions in drivers/spi/spi-cadence-quadspi.c. A local user can escalate privileges on the system.

4) Resource management error (CVE-ID: CVE-2024-28956)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.

5) NULL pointer dereference (CVE-ID: CVE-2024-35790)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.

6) Use of uninitialized resource (CVE-ID: CVE-2024-36903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

7) Use of uninitialized resource (CVE-ID: CVE-2024-36927)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c, within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2024-43840)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

9) Incorrect calculation (CVE-ID: CVE-2024-46751)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.

10) Integer underflow (CVE-ID: CVE-2024-53203)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the ucsi_ccg_sync_control() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can execute arbitrary code.

11) NULL pointer dereference (CVE-ID: CVE-2024-53209)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bnxt_set_rx_skb_mode() and bnxt_change_mtu() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

12) Out-of-bounds read (CVE-ID: CVE-2024-57945)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL(), setup_bootmem() and setup_vm() functions in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.

13) Resource management error (CVE-ID: CVE-2025-21645)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amd_pmc_suspend_handler() function in drivers/platform/x86/amd/pmc/pmc.c. A local user can perform a denial of service (DoS) attack.

14) Infinite loop (CVE-ID: CVE-2025-21839)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2025-21931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.

16) NULL pointer dereference (CVE-ID: CVE-2025-22062)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

17) Double free (CVE-ID: CVE-2025-37819)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.

18) Use-after-free (CVE-ID: CVE-2025-37890)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

19) Improper locking (CVE-ID: CVE-2025-37897)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.

20) Input validation error (CVE-ID: CVE-2025-37901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.

21) Improper error handling (CVE-ID: CVE-2025-37902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the realloc_argv() function in drivers/md/dm-table.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2025-37903)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

23) Memory leak (CVE-ID: CVE-2025-37905)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.

24) Memory leak (CVE-ID: CVE-2025-37909)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.

25) Out-of-bounds read (CVE-ID: CVE-2025-37911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

26) NULL pointer dereference (CVE-ID: CVE-2025-37912)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-37913)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

28) Use-after-free (CVE-ID: CVE-2025-37914)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.

29) Use-after-free (CVE-ID: CVE-2025-37915)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

30) Improper locking (CVE-ID: CVE-2025-37917)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.

31) Improper locking (CVE-ID: CVE-2025-37921)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

32) Buffer overflow (CVE-ID: CVE-2025-37923)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

33) Use-after-free (CVE-ID: CVE-2025-37924)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c, within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.

34) Buffer overflow (CVE-ID: CVE-2025-37927)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.

35) Improper error handling (CVE-ID: CVE-2025-37928)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

36) Improper error handling (CVE-ID: CVE-2025-37929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

37) Resource management error (CVE-ID: CVE-2025-37930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

38) Resource management error (CVE-ID: CVE-2025-37932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

39) Resource management error (CVE-ID: CVE-2025-37936)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

40) Out-of-bounds read (CVE-ID: CVE-2025-37947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.

41) Input validation error (CVE-ID: CVE-2025-37948)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

42) Improper locking (CVE-ID: CVE-2025-37949)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.

43) Memory leak (CVE-ID: CVE-2025-37951)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

44) NULL pointer dereference (CVE-ID: CVE-2025-37953)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the htb_add_to_wait_tree(), htb_activate(), htb_qlen_notify(), htb_delete() and htb_change_class() functions in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

45) Input validation error (CVE-ID: CVE-2025-37959)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

46) Use of uninitialized resource (CVE-ID: CVE-2025-37961)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.

47) Memory leak (CVE-ID: CVE-2025-37962)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

48) Input validation error (CVE-ID: CVE-2025-37963)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

49) Resource management error (CVE-ID: CVE-2025-37964)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the switch_mm_irqs_off() and should_flush_tlb() functions in arch/x86/mm/tlb.c. A local user can perform a denial of service (DoS) attack.

50) Improper locking (CVE-ID: CVE-2025-37967)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.

51) Infinite loop (CVE-ID: CVE-2025-37969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.

52) Improper locking (CVE-ID: CVE-2025-37970)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.

53) NULL pointer dereference (CVE-ID: CVE-2025-37972)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.

54) Improper error handling (CVE-ID: CVE-2025-37990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.

55) Improper error handling (CVE-ID: CVE-2025-37991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-security-announce/2025/msg00088.html

SB2025052403 - Debian update for linux

Breakdown by Severity

Description

Remediation

References

Please verify you're human