5.5
CVE-2024-58096 - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hβ¦
7.8
CVE-2024-58093 - PCI/ASPM: Fix link state exit during switch upstream function removal
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the last function on theβ¦
5.5
CVE-2025-22042 - ksmbd: add bounds check for create lease context
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context.
5.5
CVE-2025-22124 - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k -----------------β¦
7.1
CVE-2025-22107 - net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 iβ¦
4.7
CVE-2025-22115 - btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after btrfsβ¦
5.5
CVE-2025-22061 - net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() Fix the following kernel warning deleting HTB offloaded leafs and/or root HTB qdisc in airoha_eth driver properly reporting qid in airoha_tc_get_htb_get_leaf_queueβ¦
7.1
CVE-2025-22039 - ksmbd: fix overflow in dacloffset bounds check
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smb_check_perm_dacl() and smb_inβ¦
5.5
CVE-2025-22030 - mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through cryptoβ¦
5.5
CVE-2025-22092 - PCI: Fix NULL dereference in SR-IOV VF creation error path
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when pci_sβ¦