CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0 | CVE-2025-38716 – hfs: fix general protection fault in hfs_find_init()
https://notcve.org/view.php?id=CVE-2025-38716
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfs_find_init() The hfs_find_init() method can trigger the crash if tree pointer is NULL: [ 45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI [ 45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full) [... • https://git.kernel.org/stable/c/434a964daa14b9db083ce20404a4a2add54d037a •
CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38715 – hfs: fix slab-out-of-bounds in hfs_bnode_read()
https://notcve.org/view.php?id=CVE-2025-38715
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that checks and corrects the requested length (if it is necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent the access out of allocate... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38714 – hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
https://notcve.org/view.php?id=CVE-2025-38714
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360 [ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784 [ 174.854059][ T9784] [ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: re... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38713 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-38713
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable of crashing by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================================== [ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10 [ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805 [ 667.124578][ T9805] [ 667.124876][ T9805] CPU: 3 UI... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38712 – hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
https://notcve.org/view.php?id=CVE-2025-38712
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool. In the Linux kernel, the foll... • https://git.kernel.org/stable/c/95e0d7dbb9b28ab0dfad7c7316066b05e1f1d4cd •
CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0 | CVE-2025-38711 – smb/server: avoid deadlock when linking with ReplaceIfExists
https://notcve.org/view.php?id=CVE-2025-38711
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock. T... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-38710 – gfs2: Validate i_depth for exhash directories
https://notcve.org/view.php?id=CVE-2025-38710
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at: index = hash >> (32 - dip->i_depth); As calculated in an open-coded way in dir_make_exhash(), the minimum depth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is invalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time. So we can avoid the undefined be... • https://git.kernel.org/stable/c/9a0045088d888c9c539c8c626a366cb52c0fbdab •
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-38709 – loop: Avoid updating block size under exclusive owner
https://notcve.org/view.php?id=CVE-2025-38709
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the block size stored in the superblock causing confusion in various places such as fs/buffer.c. The particular issue triggered by syzbot was a warning in __getblk_slow() due to requested buffer size not matching block ... • https://git.kernel.org/stable/c/89e4fdecb51cf5535867026274bc97de9480ade5 •
CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38708 – drbd: add missing kref_get in handle_write_conflicts
https://notcve.org/view.php?id=CVE-2025-38708
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed. In handling "superseded" writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes... • https://git.kernel.org/stable/c/668700b40a7c8727bbd2b3fd4fd22e0ce3f1aeb6 •
CVSS: 7.8 | EPSS: 0% | CPEs: 7 | EXPL: 0 | CVE-2025-38707 – fs/ntfs3: Add sanity check for file name
https://notcve.org/view.php?id=CVE-2025-38707
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may all... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
