Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Cryptographic API;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- LED subsystem;
- Multiple devices driver;
- Media drivers;
- Multifunction device drivers;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- PCI subsystem;
- Pin controllers subsystem;
- x86 platform drivers;
- Real Time Clock drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- QCOM SoC drivers;
- SPI subsystem;
- USB Gadget drivers;
- USB Serial drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- File systems infrastructure;
- BTRFS file system;
- Ext4 file system;
- F2FS file system;
- GFS2 file system;
- JFFS2 file system;
- JFS file system;
- Network file...