This page lists publicly disclosed CVE vulnerabilities affecting debian debian_linux (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-39752 | In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main CPU write trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that true for RK3188 CPU). Sometimes that leads to kernel hang. Probably because secondary CPU execute trampoline code while kernel doesn't expect. The patch moves SRAM initialization step to the point where all seconda | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.16% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39749 | In the Linux kernel, the following vulnerability has been resolved: rcu: Protect ->defer_qs_iw_pending from data race On kernels built with CONFIG_IRQ_WORK=y, when rcu_read_unlock() is invoked within an interrupts-disabled region of code [1], it will invoke rcu_read_unlock_special(), which uses an irq-work handler to force the system to notice when the RCU read-side critical section actually ends. That end won't happen until interrupts are enabled at the soonest. In some kernels, such as thos | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.0 | 0.16% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39743 | In the Linux kernel, the following vulnerability has been resolved: jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When executing evict, its hard link number is 0, so its inode pages are not truncated. This causes the bugon to be triggered when executing clear_inode() because nrpages is greater than 0. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 0.17% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39742 | In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divide-by-zero runtime error. Fix it by moving the check prior to division. This also helps to save one indentation level. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.16% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39738 | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes [BUG] There is an internal report that balance triggered transaction abort, with the following call trace: item 85 key (594509824 169 0) itemoff 12599 itemsize 33 extent refs 1 gen 197740 flags 2 ref#0: tree block backref root 7 item 86 key (594558976 169 0) itemoff 12566 itemsize 33 extent refs 1 gen 197522 flags 2 ref# | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 0.16% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39737 | In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() A soft lockup warning was observed on a relative small system x86-64 system with 16 GB of memory when running a debug kernel with kmemleak enabled. watchdog: BUG: soft lockup - CPU#8 stuck for 33s! [kworker/8:1:134] The test system was running a workload with hot unplug happening in parallel. Then kemleak decided to disable itself due to its inability to allocate m | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.16% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39736 | In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion with the netconsole subsystem. This occurs because pr_warn_once() may trigger netpoll, which eventually leads to __alloc_skb() and back into kmemleak code, attempting to reacquire kmemleak_lock. This is the path for the | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.12% | 2025-09-11 | 2026-06-17 |
| CVE-2025-39734 | In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfstest bug that was observed during internal testing. The deadlock reported by syzbot is resolved by reintroducing conditional acquisition. The xfstest bug no longer occurs on kernel version 6.16-rc1 during internal testing. I assume that changes | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-07 | 2026-06-17 |
| CVE-2025-39731 | In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram() may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem() calls vm_unmap_ram() from an invalid context. Example trace from f2fs/007 test: f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007 [ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978 [ 11.471849] | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-07 | 2026-06-17 |
| CVE-2025-39730 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 0.18% | 2025-09-07 | 2026-06-17 |
| CVE-2025-39724 | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.16% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39719 | In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask(), hw_xlate was iterated over the length of the vals array instead of the length of the hw_xlate array. In the case of bno055_gyr_scale, the vals array is larger than the hw_xlate array, so this could result in an out-of-bounds access. In practice, this shouldn't happen though | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.1 | 0.14% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39718 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header bef | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39716 | In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so __get_user() never triggers a read access interruption (code 26). Thus, it is currently possible for user code to access a read protected address via a system call. Fix this by probing read access righ | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39715 | In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel and gateway page execute at privilege level 0, so this code never triggers a read access interruption. Thus, it is currently | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39714 | In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Lock resolution while streaming When an program is streaming (ffplay) and another program (qv4l2) changes the TV standard from NTSC to PAL, the kernel crashes due to trying to copy to unmapped memory. Changing from NTSC to PAL increases the resolution in the usbtv struct, but the video plane buffer isn't adjusted, so it overflows. [hverkuil: call vb2_is_busy instead of vb2_is_streaming] | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.15% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39713 | In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain->buf_lock. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as rain->buf_len is concurrently accessed and modified in the work handler rain_irq_work_handler() under the same lock. Multiple interrupt invocations can race, wi | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 4.7 | 0.12% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39710 | In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory. This ensures that the size provided by the firmware is safe to process and prevent potential out-of-bounds memory access. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.1 | 0.15% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39709 | In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_create(), it's possible that an interrupt fires before the handler setup is complete, leading to a NULL dereference. This error condition has been observed during system boot on Rb3Gen2. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.15% | 2025-09-05 | 2026-06-17 |
| CVE-2025-39706 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Since KFD proc content was moved to kernel debugfs, we can't destroy KFD debugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior to kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens when /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but kfd_process_destroy_wq calls kfd_debugfs_remove_process. This line debugfs_remove_rec | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 5.5 | 0.14% | 2025-09-05 | 2026-06-17 |