linux kernel

The Linux kernel patch tracked as CVE-2022-48716 fixes a subtle but real bug in the ASoC codec driver for Qualcomm’s WCD938x family: mixer controls were using a channel id where a port id was required, allowing out-of-bounds access of an internal port_map array and risking corruption of the...

The Linux kernel received a targeted stability fix that addresses a NULL-pointer crash in the Renesas USBHS driver (tracked as CVE‑2025‑21917): maintainers now flush the delayed notify_hotplug work to ensure the hotplug worker cannot run against torn-down driver resources, preventing a...

The Linux kernel vulnerability tracked as CVE-2025-22104 — described upstream as “ibmvnic: Use kernel helpers for hex dumps” — is a local, out‑of‑bounds read bug in the IBM virtual network driver. Vendors and kernel maintainers fixed it by replacing ad‑hoc, unsafe hex‑printing logic with the...

A critical race-condition bug in the Linux kernel’s MD (Multiple Devices) subsystem — tracked as CVE-2025-22126 — was fixed upstream after researchers identified a use‑after‑free (UAF) that can occur when the kernel iterates the global list of md devices. The fix addresses a subtle iterator /...

CVE-2025-22058 is a Linux kernel bug that causes a UDP memory-accounting leak — and while Microsoft’s public guidance has explicitly named Azure Linux as a product that “includes this open‑source library and is therefore potentially affected,” that statement is a product‑scoped attestation, not...

A subtle but consequential Linux-kernel fix landed upstream this spring: CVE-2025-22010 closes a soft‑lockup hazard in the RDMA hns driver that could let a large memory‑region registration (MR) stall CPU cores for tens of seconds, producing real-world denial‑of‑service symptoms on RDMA‑enabled...

A newly disclosed Linux-kernel vulnerability, tracked as CVE‑2025‑21999, patches a use‑after‑free (UAF) race in the proc filesystem: a race between module removal (rmmod) and inode creation in proc_get_inode() could let the kernel dereference a freed module pointer and crash or corrupt kernel...

A small, surgical change to the Linux kernel’s iBFT iSCSI sysfs exporter has been recorded as CVE-2025-21993: a fix that prevents a UBSAN (Undefined Behavior Sanitizer) shift-out-of-bounds warning in the function that exposes iBFT NIC attributes to userspace. While the patch is tiny — a single...

A subtle bounds-checking bug in the Linux kernel’s AMD microcode loader has quietly become a high-priority fix for distributors and administrators: CVE‑2025‑21991 corrects an out‑of‑bounds access in arch/x86’s AMD microcode path that can corrupt memory when microcode is flashed on systems with...

A subtle locking change in the Linux kernel’s MHI PCI host driver — tracked as CVE-2025-21951 — patched a deadlock that could cause a full loss of availability during device recovery or system power-management transitions, and operators should treat it as a real operational risk for systems that...

A newly disclosed Linux-kernel vulnerability in the Bluetooth L2CAP implementation — tracked as CVE-2025-21969 — is a slab use-after-free in l2cap_send_cmd that can trigger kernel memory corruption and sustained denial-of-service, and it has been fixed upstream by synchronizing the HCI receive...

A NULL-pointer bug in the Linux HID appleir driver has been assigned CVE-2025-21948 and patched by kernel maintainers after Syzkaller surfaced a crash path that can be triggered by malformed HID reports; the issue can produce a local denial-of-service (availability) condition and has already...

A subtle null‑check omission in the Linux kernel’s AMD display driver has been cataloged as CVE‑2025‑21941 and patched upstream; the bug is a local null‑pointer dereference in drm/amd/display’s resource_build_scaling_params that can crash the kernel and produce a denial‑of‑service condition on...

A newly disclosed Linux-kernel vulnerability in the Steam HID driver (tracked as CVE‑2025‑21923) can cause a use‑after‑free during device detachment — a memory‑safety bug that has been fixed upstream but still demands immediate attention from operators who run kernels in the affected release...

The RapidIO networking patch recorded as CVE-2025-21934 fixes a small but consequential memory-management mistake in the Linux kernel that, under certain failure conditions, could leave a RapidIO port structure pointing at freed memory — a classic use-after-free that translates into a...

The Linux kernel has received a small but important correction tracked as CVE-2025-21922: a KMSAN-detected uninitialized-value issue in the PPP driver that can be triggered by crafted BPF (Berkeley Packet Filter) socket filters. While the immediate technical problem is a two‑byte header that the...

The Linux kernel scheduler received a surgical but important fix in early April 2025 that closes a subtle pointer-conversion bug in the fair scheduler’s leaf-list handling — a defect tracked as CVE-2025-21919 that can produce memory corruption and unpredictable system behavior if left unpatched...

A subtle mistake in the Linux USB driver stack has been quietly corrected — and the fix exposes a classic kernel problem: an erroneous decrement of a platform device reference count in the DesignWare Core USB3 (dwc3) ST driver that can lead to use‑after‑free and service loss. The vulnerability...

The Linux kernel bug tracked as CVE-2024-45009 is a medium‑severity defect in the kernel’s Multipath TCP (MPTCP) path manager that can lead to incorrect counter handling during subflow removal. Microsoft’s public advisory language names Azure Linux as a product that “includes this open‑source...

A subtle null-pointer bug in the Linux kernel's DRM MSM/DPU display driver — tracked as CVE-2024-45015 — has been fixed upstream, and Microsoft’s public mapping currently lists Azure Linux as the only Microsoft product they have attested to include the affected open‑source component. That narrow...