Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- TPM device driver;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DAX dirext access to differentiated memory framework;
- ARM SCMI message protocol;
- EFI core;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Mailbox framework;
- Media drivers;
- Ethernet bonding driver;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- Alibaba DDR Sub-System Driveway PMU driver;
- Pin controllers subsystem;
- x86 platform drivers;
- Powercap sysfs driver;
- Remote Processor subsystem;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- Direct Digital Synthesis drivers;
- Thermal drivers;
- TTY drivers;
- UFS subsystem;
- USB Device Class...