kernel patch

  1. ChatGPT

    CVE-2025-68266 Linux BFS Inode Type Validation Patch

    A recently assigned CVE exposes a subtle but important weakness in the Linux kernel’s support for the legacy Boot File System (BFS): malformed on-disk inode mode data can cause the kernel to reconstruct incorrect file types when loading BFS inodes, and a corrective patch has been published that...
  2. ChatGPT

    CVE-2025-68198: Linux crashkernel shrinking bug and availability risk

    A serious kernel-level bug has been recorded as CVE-2025-68198: a defect in Linux’s crashkernel handling that can leave invalid crashkernel resource objects and, under repeated shrink operations, produce a kernel NULL-pointer dereference and panic — in short, a reproducible availability hazard...
  3. ChatGPT

    CVE-2025-40342: Linux nvme fc Kernel Race Fix and Mitigations

    CVE‑2025‑40342 is a kernel-level race and lifecycle bug in the Linux nvme‑fc (NVMe over Fibre Channel) driver that can let an asynchronous workqueue handler run against freed state during controller/association teardown, producing kernel list corruption and an immediate host crash (kernel...
  4. ChatGPT

    CVE-2025-64673: Windows Storage VSP Kernel EoP and Immediate Defenses

    Microsoft’s advisory listing for CVE-2025-64673 identifies an Elevation of Privilege flaw in the Windows Storage Virtualization Service Provider (VSP) driver, but public technical detail is limited and the vendor’s entry omits low-level exploit mechanics — leaving defenders to act on...
  5. ChatGPT

    CVE-2025-62458: Windows Win32k Heap Overflow Privilege Escalation Explained

    A newly cataloged Windows kernel vulnerability, tracked as CVE-2025-62458, is a heap-based buffer overflow in the Win32k graphics subsystem (GRFX) that allows an authenticated local user to escalate privileges to higher system levels; Microsoft’s Security Update Guide lists the entry for the CVE...
  6. ChatGPT

    Linux Kernel Bluetooth CVE-2025-40301 Patch: Fix Uninitialized Memory in HCI Events

    The Linux kernel received a targeted fix for a Bluetooth packet‑handling bug that could let kernel code read uninitialized memory when handling certain HCI "command complete" events — tracked as CVE‑2025‑40301 — and system administrators, distro maintainers and embedded vendors should treat this...
  7. ChatGPT

    CVE-2025-40303: Safe Btrfs Metadata Writeback Fix and Production Patch Guide

    A recently assigned CVE—CVE-2025-40303—targets a corner case in the Linux kernel’s Btrfs implementation that can cause metadata writeback to proceed on a filesystem that has already been marked “in error,” leading to queueing of new work on workqueues that have been stopped and, in certain RAID...
  8. ChatGPT

    Linux Kernel btusb UAF Fix CVE-2025-40283: Urgent Stability Patch

    The Linux kernel recently closed a small but consequential race condition in the Bluetooth USB driver that caused a KASAN-detected slab use-after-free (UAF) in btusb_disconnect, and operators should treat the fix as an urgent kernel‑level stability patch for systems that load the btusb module...
  9. ChatGPT

    CVE-2025-40281: Linux SCTP Shift-Out-Of-Bounds Fix for Kernel Robustness

    A newly assigned Linux-kernel vulnerability, CVE-2025-40281, fixes a potential shift-out-of-bounds in the SCTP transport code — a rare but real correctness bug discovered by syzbot that could cause kernel instability when unexpectedly large sysctl parameters are processed by...
  10. ChatGPT

    CVE-2025-40273 Linux NFSd fix prevents copynotify list corruption

    The Linux kernel has a newly published security advisory — CVE-2025-40273 — describing a flaw in the NFS server (nfsd) state-management code: a copynotify stateid can remain referenced when its parent open state is freed, leading to list corruption and a kernel OOPS when laundromat later...
  11. ChatGPT

    Linux IPMI vulnerability CVE-2025-40202 fix centralizes lifecycle management

    A newly recorded Linux-kernel vulnerability, tracked as CVE-2025-40202, fixes a fragile implementation in the IPMI user-message accounting that could lead to improper counting and a use‑after‑free; maintainers reworked the receive-side allocation and reference‑counting so user‑message limits are...
  12. ChatGPT

    Linux Kernel CVE-2025-40178 Patch Fixes NULL Pointer in PID Namespace

    A kernel null‑pointer check that was missing in the Linux PID namespace handling has been fixed upstream after being cataloged as CVE‑2025‑40178 — the flaw can cause a kernel NULL pointer dereference in pid_nr_ns when task_active_pid_ns(current) returns NULL, producing an OOPS or panic and an...
  13. ChatGPT

    Linux ext4 CVE-2025-40179: Patch limits orphan replay size to prevent memory exhaustion

    The Linux kernel has received a targeted corrective patch for a resource-consumption weakness in the ext4 filesystem — tracked as CVE‑2025‑40179 — that limits the size of orphan files during replay and changes how block-descriptor arrays are allocated to avoid large-order memory allocations...
  14. ChatGPT

    CVE-2024-58089: Btrfs Race Triggers Kernel Panic and DoS

    A subtle race in Btrfs ordered-extent accounting can lead to a kernel panic: CVE-2024-58089 fixes a double‑accounting race in btrfs_run_delalloc_range that, when triggered on systems where block size (4K) is smaller than page size (64K) — commonly on certain aarch64 configurations — can...
  15. ChatGPT

    Linux Kernel mlx5e CVE-2024-38608 Fix Availability First Patch Guide

    The Linux kernel received a targeted fix for a stability bug in the Mellanox/MLX5 Ethernet driver (mlx5e) that could cause a NULL-pointer oops and memory leaks during device probe and resume sequences — tracked as CVE‑2024‑38608 — and operators should treat this as an availability-first...
  16. ChatGPT

    Linux Kernel Patch CVE-2024-49940: Fixing L2TP Refcount Race to Improve Availability

    The Linux kernel patch for CVE-2024-49940 closes a subtle lifecycle race in the L2TP session/tunnel code that could otherwise lead to a tunnel refcount underflow and attendant kernel instability or denial-of-service; vendors have backported the fix into stable kernels and distributions, and...
  17. ChatGPT

    CVE-2025-38361: AMD DRM Patch in Linux Kernel and Azure Linux Attestation

    Microsoft’s public advisory for CVE-2025-38361 notes that Azure Linux includes the open‑source library that contains the bug, but that statement is a product‑scoped attestation—not an iron‑clad guarantee that no other Microsoft product ships the same vulnerable code. The Linux kernel fix for...
  18. ChatGPT

    CVE-2025-22026: Azure Linux attestation and how to vet other Microsoft artifacts

    Microsoft’s wording is precise but incomplete: for CVE‑2025‑22026 the company has publicly attested that Azure Linux includes the affected upstream component and is therefore potentially affected, but that attestation is a product‑level inventory statement — not proof that no other Microsoft...
  19. ChatGPT

    CVE-2024-50217 Linux Btrfs UAF Patch and DoS Risk

    A use-after-free bug in the Btrfs filesystem implementation has been patched in the Linux kernel under CVE-2024-50217, a high-severity flaw that can be triggered by a local attacker mounting specially crafted images and that can cause a sustained or persistent denial-of-service by corrupting...
  20. ChatGPT

    Linux Kernel dm Cleanup Patch CVE-2024-50277: Defensive Fix for Allocation Failures

    A small, defensive upstream patch in the Linux kernel closed CVE-2024-50277 — a device-mapper (dm) crash that occurs when blk_alloc_disk fails and leaves md->disk set to an error pointer that is later dereferenced during device cleanup. The flaw is not a remote, privilege-escalation exploit; it...