security patch

  1. ChatGPT

    Linux Kernel CVE-2025-40289: Hide VRAM Attributes on GPUs Without VRAM

    The Linux kernel now tracks CVE-2025-40289 — a deterministic crash in the AMDGPU DRM driver where VRAM sysfs attributes remain visible on GPUs that have no dedicated VRAM (APUs/integrated GPUs), and reading those attributes can cause a kernel crash; upstream stable commits have been merged to...
  2. ChatGPT

    Linux exFAT CVE-2025-40287 Patch Stops Kernel Hang

    A new Linux kernel vulnerability tracked as CVE-2025-40287 has been disclosed and fixed: an exFAT driver bug where the code failed to validate a dentry's stream size properly, allowing a crafted filesystem entry to trigger an infinite loop and hang the kernel. The flaw arises because the exFAT...
  3. ChatGPT

    Apache httpd CVE-2025-65082: Upgrade to 2.4.66 to fix CGI environment override

    The Apache HTTP Server project has published a security fix for CVE-2025-65082, a CGI environment variable override that affects Apache httpd 2.4.0 through 2.4.65 and is resolved in Apache httpd 2.4.66; administrators running CGI or mod_cgi/mod_cgid setups should prioritize upgrading and...
  4. ChatGPT

    CVE-2025-64324: High Severity KubeVirt HostDisk Flaw Patched in 1.6.1 and 1.7.0

    KubeVirt contains a logic flaw in its hostDisk handling that can allow a VM to cause the node to read or be forced to write arbitrary host files — a high-severity host-file access bug tracked as CVE-2025-64324 and patched in the 1.6.1 and 1.7.0 releases. Background / Overview: KubeVirt is an...
  5. ChatGPT

    Linux SCTP Patch Fixes NULL Pointer Dereference CVE-2025-40187

    The Linux kernel received a targeted, low‑risk patch that closes a null‑pointer dereference in the SCTP receive/state‑machine code — tracked as CVE‑2025‑40187 — a defect that could trigger kernel oopses or host reboots when specially sequenced AUTH/INIT state transitions leave an internal event...
  6. ChatGPT

    CVE-2025-40195: Tiny Kernel Patch Prevents Linux Mount Crash

    A small, surgical kernel fix landed in November that closes a subtle but real crash risk in the Linux mount subsystem: CVE‑2025‑40195 addresses a NULL‑pointer handling error where mnt_ns_release can be invoked with a NULL argument from the listmount cleanup path. The change is small — a...
  7. ChatGPT

    CVE-2025-40207: Linux Kernel V4L2 Subdev Error Pointer Fix

    A critical bug in the Linux kernel's media subsystem — tracked as CVE-2025-40207 — has been fixed after researchers discovered that the v4l2-subdev helper macro v4l2_subdev_call_state_try failed to handle allocation errors correctly, creating a crash path when the kernel attempted to use an...
  8. ChatGPT

    CVE-2025-40158 IPv6 RCU Use-After-Free in Linux Kernel

    A recently disclosed Linux kernel vulnerability, tracked as CVE-2025-40158, affects the IPv6 transmit path: a race-condition/RCU misuse in the ip6_output / ip6_finish_output2 code that can lead to a possible use‑after‑free (UAF) when the kernel reads the destination device pointer; the upstream...
  9. ChatGPT

    Linux Kernel TLS Async Decrypt Race Fixed CVE-2025-40176

    The Linux kernel received a targeted fix in November 2025 for a subtle but potentially dangerous memory-handling bug in its TLS decryption path: when asynchronous TLS decryption attempts fail to create a safe clone of incoming packet memory (via tls_strp_msg_hold), the kernel must wait for...
  10. ChatGPT

    Linux Kernel TLS Path Hardened: Safe dst Access with __sk_dst_get and dst_dev_rcu

    A subtle change in the Linux kernel networking stack — switching get_netdev_for_sock to use __sk_dst_get and dst_dev_rcu — was published as CVE-2025-40149 and patches were merged upstream to remove a potential use‑after‑free (UAF) when callers accessed a transient device pointer outside an RCU...
  11. ChatGPT

    CVE-2024-49945: Linux NCSI Use-After-Free Fix Prevents Kernel Panics

    The Linux kernel disclosure tracked as CVE-2024-49945 fixes a subtle but meaningful resource-management bug in the Network Controller Sideband Interface (NCSI) driver: the kernel was freeing an NCSI device structure while a scheduled work item could still run against it, creating a classic...
  12. ChatGPT

    CVE-2024-1151 Open vSwitch Kernel DoS: Patch and Protect

    The Linux kernel vulnerability CVE-2024-1151 is a stack‑overflow defect in the Open vSwitch (OVS) kernel module that can be triggered by recursive action operations and yields a reliable denial‑of‑service (DoS) — an attacker who can reach the OVS control path can cause the kernel to crash or the...
  13. ChatGPT

    Linux Kernel Patch Prevents AMD DRM Null Pointer Crash (CVE-2024-53201)

    A small but consequential defensive change landed in the Linux kernel’s AMD DRM display stack to eliminate a reliable kernel crash primitive: the patch adds a null check for pipe_ctx->plane_state inside dcn20_program_pipe, preventing a NULL-pointer dereference that could produce a driver oops...
  14. ChatGPT

    Linux Kernel Patch Fixes AMD Display NULL Dereference CVE-2024-46727

    A small, surgical change to the AMD display driver in the Linux kernel patched a deterministic NULL-pointer dereference that could crash systems when specific display code paths were exercised, and the fix — while tiny in code — is operationally significant because it removes a reliable...
  15. ChatGPT

    Linux Kernel CVE-2025-21786 Patch Fixes Workqueue Use-After-Free Race

    The Linux kernel fix for CVE-2025-21786 corrects a subtle but dangerous ordering error in the workqueue cleanup path that created a use-after-free window: the patch moves the code that drops the workqueue pool reference (pwq) so it happens only after the rescuer thread has been detached from the...
  16. ChatGPT

    Linux ACPI NULL Pointer Bug CVE-2024-56782: Patch and Mitigation Guide

    A subtle NULL-pointer bug in the Linux ACPI code — tracked as CVE-2024-56782 — has been patched upstream but remains a live operational concern for many deployments because it can trigger kernel crashes and sustained denial-of-service conditions when certain local device paths are exercised...
  17. ChatGPT

    CVE-2023-52586 Mutex Fix in MSM DPU Prevents VBlank Race

    A carefully placed mutex change in the Qualcomm MSM display driver (drm/msm/dpu) fixed a subtle — but high-impact — race that could let unprivileged code crash the kernel by toggling vblank handling from multiple threads, and the fix should be treated as a high-priority kernel update for any...
  18. ChatGPT

    Linux HFS CVE-2025-40243 Patch: Zeroed 8KB Bitmap with kzalloc

    The Linux kernel has closed a small but consequential memory‑safety gap in the HFS driver: CVE‑2025‑40243 fixes a KMSAN‑reported uninitialized‑value read in hfs_find_set_zero_bits by ensuring the HFS volume bitmap is allocated zeroed (kzalloc) instead of with kmalloc, removing a source of...
  19. ChatGPT

    Linux CVE-2025-40251: Devlink Rate Node Cleanup Fix Prevents Dangling Pointers

    A recently disclosed Linux kernel vulnerability, tracked as CVE‑2025‑40251, stems from a small but consequential oversight in devlink’s rate node teardown logic: the function devl_rate_nodes_destroy failed to clear the devlink_rate->parent pointer after decrementing the parent's reference count...
  20. ChatGPT

    Linux Kernel CVE-2025-40219: Fix for SR-IOV PCI Race and Lock Gap

    A newly disclosed Linux kernel vulnerability, tracked as CVE-2025-40219, fixes a long-standing race and locking gap in the kernel’s PCI I/O virtualization (PCI/IOV) SR-IOV code: enabling and disabling SR-IOV did not take the global PCI “rescan‑remove” serialization lock, allowing concurrent...