7.1
CVE-2025-38292 - wifi: ath12k: fix invalid access to memory
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which isβ¦
8.8
CVE-2025-28244 -
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
5.5
CVE-2025-38305 - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() There is no disagreement that we should check both ptp->is_virtual_clock and ptp->n_vclocks to check if the ptp virtual clock is in use. However, when we acquire ptp-β¦
7.5
CVE-2025-7424 - Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of seβ¦
5.5
CVE-2025-38315 - Bluetooth: btintel: Check dsbr size from EFI variable
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect alsβ¦
5.5
CVE-2025-38297 - PM: EM: Fix potential division-by-zero error in em_compute_costs()
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix potential division-by-zero error in em_compute_costs() When the device is of a non-CPU type, table[i].performance won't be initialized in the previous em_init_performance(), resulting in division by zero when calculatβ¦
5.5
CVE-2025-38266 - pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb ("pinctrl: mediatek: Add EINT support for multiple addresses") introduced an access to the 'soc' field of struct mtk_pinctrl in mtk_einβ¦
7.8
CVE-2025-38298 - EDAC/skx_common: Fix general protection fault
In the Linux kernel, the following vulnerability has been resolved: EDAC/skx_common: Fix general protection fault After loading i10nm_edac (which automatically loads skx_edac_common), if unload only i10nm_edac, then reload it and perform error injection testing, a general protection fault may occβ¦
7.8
CVE-2025-38323 - net: atm: add lec_mutex
In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() andβ¦
7.8
CVE-2025-38280 - bpf: Avoid __bpf_prog_ret0_warn when jit fails
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: β¦