Debian Security Vulnerabilities (CVEs)
Track 1,393 security vulnerabilities affecting Debian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a buffer overflow vulnerability in matplotlib that could allow attackers to execute arbitrary code or cause denial of service. It a... (Jun 26, 2025)
A race condition in the Linux kernel's PRIO queuing discipline allows an attacker to cause a parent qdisc's packet queue length counter to underflow. ... (Jun 20, 2025)
This CVE describes a use-after-free vulnerability in the Linux kernel's PCM OSS audio subsystem. The vulnerability allows concurrent access to freed m... (Jun 18, 2025)
This CVE describes a double-free vulnerability in the Linux kernel's crypto subsystem, specifically in the algif_hash socket interface. When accept() ... (Jun 18, 2025)
A divide-by-zero vulnerability in the Linux kernel's libnvdimm driver occurs when a faulty CXL memory device reports a zero LSA size, causing a kernel... (Jun 18, 2025)
This CVE describes a race condition vulnerability in the Linux kernel's vhost-scsi subsystem where the vhost thread may access freed memory when QEMU ... (Jun 18, 2025)
A Linux kernel vulnerability in the device mapper (dm) subsystem causes unnecessary I/O throttling for flush operations, potentially degrading system ... (Jun 18, 2025)
This CVE describes a file size truncation vulnerability in the Linux kernel's orangefs filesystem module. On 32-bit systems, files larger than 4GiB ma... (Jun 18, 2025)
A Linux kernel vulnerability in the rseq (restartable sequences) subsystem allows local attackers to cause a segmentation fault (crash) when registeri... (Jun 18, 2025)
A buffer overflow vulnerability exists in the Linux kernel's LZO compression implementation. Attackers can exploit this to write beyond allocated memo... (Jun 18, 2025)
This CVE-2025-38061 is a buffer overflow vulnerability in the Linux kernel's pktgen packet generator module. It allows local users to potentially read... (Jun 18, 2025)
A use-after-free vulnerability in the Linux kernel's CIFS client implementation allows an attacker to trigger memory corruption during concurrent dire... (Jun 18, 2025)
This CVE describes a data race condition in the Linux kernel's VXLAN implementation where concurrent access to FDB (Forwarding Database) entry fields ... (Jun 18, 2025)
This CVE addresses a missing DMA mask configuration in the Linux kernel's ARM Firmware Framework for Armv8-A (FFA) driver, which causes kernel warning... (Jun 18, 2025)
This CVE describes a reference count leak vulnerability in the Linux kernel's padata subsystem. When queue_work() fails to queue a work item because i... (Jun 18, 2025)
A NULL pointer dereference vulnerability in the Linux kernel's NVMe over TCP (nvmet-tcp) subsystem can cause kernel crashes when TCP connections aren'... (Jun 18, 2025)
A use-after-free vulnerability in the Linux kernel's RDMA over Converged Ethernet (RoCE) implementation allows reading freed memory when creating comp... (Jun 18, 2025)
A memory corruption vulnerability in the Linux kernel's max20086 regulator driver allows invalid memory access when device probing fails. This affects... (Jun 18, 2025)
A memory leak vulnerability in the Linux kernel's dmaengine idxd driver occurs when error handling fails to free allocated memory during device initia... (Jun 18, 2025)
This CVE describes a race condition in the Linux kernel's mt76 WiFi driver where NAPI (New API for network processing) isn't properly disabled during ... (Jun 18, 2025)
A NULL pointer dereference vulnerability exists in the Linux kernel's HID uclogic driver when memory allocation fails. This could cause kernel crashes... (Jun 18, 2025)
A race condition vulnerability in the Linux kernel's CAN broadcast manager (BCM) allows concurrent access to shared data structures from user space an... (Jun 8, 2025)
This CVE describes a use-after-free vulnerability in the Linux kernel's CAN (Controller Area Network) subsystem. When procfs content is generated for ... (Jun 8, 2025)
A use-after-free vulnerability in the Linux kernel's HFSC scheduler allows local attackers to cause denial of service or potentially execute arbitrary... (Jun 6, 2025)
A race condition in the Linux kernel's HFSC (Hierarchical Fair Service Curve) queuing discipline can cause inconsistent queue accounting when packets ... (Jun 6, 2025)
A log injection vulnerability in Django allows attackers to manipulate HTTP response logging by sending crafted URLs. This could corrupt log files or ... (Jun 5, 2025)
An integer underflow vulnerability in catdoc's OLE Document DIFAT parser allows heap-based memory corruption when processing specially crafted files. ... (Jun 2, 2025)
CVE-2025-49113 is a critical remote code execution vulnerability in Roundcube Webmail affecting authenticated users. It allows attackers to execute ar... (Jun 2, 2025)
This vulnerability in systemd-coredump allows attackers to exploit a race condition to access privileged process coredumps. By forcing a SUID process ... (May 30, 2025)
This vulnerability in the Linux kernel's Open vSwitch module involves unsafe Netlink attribute parsing in the output_userspace() function. Attackers c... (May 29, 2025)
A NULL pointer dereference vulnerability in the Linux kernel's UCSI DisplayPort driver could cause kernel crashes or system instability when USB-C dev... (May 29, 2025)
A NULL pointer dereference vulnerability in the Linux kernel's network scheduler (net_sched) occurs when reducing a qdisc's limit via the ->change() o... (May 26, 2025)
A stack-based buffer overflow vulnerability in GStreamer's H265 codec parser allows remote attackers to execute arbitrary code by sending specially cr... (May 22, 2025)
This CVE describes a memory leak vulnerability in the Linux kernel's qibfs filesystem driver. When the kernel fails to allocate an inode during filesy... (May 20, 2025)
A race condition vulnerability in the Linux kernel's USB WDM driver allows opening a character device while its URBs are still poisoned, potentially l... (May 20, 2025)
A memory leak vulnerability in the Linux kernel's PHY LED trigger code can cause out-of-memory conditions during network restarts. This affects Linux ... (May 20, 2025)
A double free vulnerability in the Linux kernel's parisc architecture causes applications to crash when handling SIGFPE signals. This occurs due to im... (May 20, 2025)
This CVE describes a buffer overflow vulnerability in the Linux kernel's ASoC (Audio System on Chip) driver for Qualcomm sc7280 LPASS (Low Power Audio... (May 20, 2025)
This CVE describes a deadlock vulnerability in the Linux kernel's UCSI DisplayPort driver. When a USB Type-C device with DisplayPort alternate mode is... (May 20, 2025)
A race condition vulnerability in the Linux kernel's ST LSM6DSX IMU driver could cause a system lockup when reading tagged FIFO data. This affects sys... (May 20, 2025)
A Linux kernel vulnerability in the bpf_redirect_peer function fails to properly scrub packet metadata when redirecting packets between network namesp... (May 20, 2025)
This CVE describes an uninitialized memory vulnerability in the Linux kernel's IPVS (IP Virtual Server) subsystem. The flaw occurs when the do_output_... (May 20, 2025)
This CVE addresses a vulnerability in the Linux kernel's BPF subsystem on ARM64 architecture where Branch History Buffer (BHB) mitigations were incorr... (May 20, 2025)
This CVE addresses a speculative execution vulnerability in the Linux kernel's classic BPF (cBPF) implementation on ARM64 systems. A malicious BPF pro... (May 20, 2025)
A vulnerability in the Linux kernel's tracing subsystem allows reading freed memory when trace events use specific format specifiers. This could lead ... (May 20, 2025)
A denial-of-service vulnerability in the Linux kernel's ftrace subsystem where processing a large number of traceable functions can cause a softlockup... (May 20, 2025)
A Linux kernel vulnerability in KVM's handling of PEBS (Precise Event Based Sampling) performance monitoring allows a guest VM to crash when PEBS is u... (May 20, 2025)
A buffer overflow vulnerability exists in the Linux kernel's AMD IOMMU driver when parsing ACPI HID/UID strings. This allows local attackers to potent... (May 20, 2025)
A missing sentinel entry in ARM64 Spectre-BHB workaround arrays in the Linux kernel causes a kernel panic during boot when UBSAN (Undefined Behavior S... (May 20, 2025)
A Linux kernel Btrfs filesystem vulnerability causes metadata corruption when using subpage support with specific page/node/sector size combinations. ... (May 20, 2025)
Why Monitor Debian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 1,393+ known vulnerabilities affecting Debian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Debian packages in under 60 seconds. No agents required - completely agentless scanning that works across Debian deployments.
Free vulnerability database: Access detailed information about every Debian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Debian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions