USN-7392-1

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848)

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• PowerPC architecture;
• S390 architecture;
• SuperH RISC architecture;
• User-Mode Linux (UML);
• x86 architecture;
• Cryptographic API;
• Virtio block driver;
• Data acquisition framework and drivers;
• Hardware crypto device drivers;
• DMA engine subsystem;
• EDAC drivers;
• ARM SCPI message protocol;
• GPIO subsystem;
• GPU drivers;
• HID subsystem;
• Microsoft Hyper-V drivers;
• I3C subsystem;
• IIO ADC drivers;
• IIO subsystem;
• InfiniBand drivers;
• LED subsystem;
• Multiple devices driver;
• Media drivers;
• Multifunction device drivers;
• MMC subsystem;
• MTD block device drivers;
• Network drivers;
• Mellanox network drivers;
• NVME drivers;
• PCI subsystem;
• Pin controllers subsystem;
• x86 platform drivers;
• Real Time Clock drivers;
• SCSI subsystem;
• SuperH / SH-Mobile drivers;
• QCOM SoC drivers;
• SPI subsystem;
• USB Gadget drivers;
• USB Serial drivers;
• USB Type-C Port Controller Manager driver;
• VFIO drivers;
• Framebuffer layer;
• Xen hypervisor drivers;
• BTRFS file system;
• Ext4 file system;
• F2FS file system;
• GFS2 file system;
• File systems infrastructure;
• JFFS2 file system;
• JFS file system;
• Network file...