CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38248 – bridge: mcast: Fix use-after-free during router port configuration
https://notcve.org/view.php?id=CVE-2025-38248
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicast packets are forwarded to these ports even if the ports are not member in the matching MDB entry. When per-VLAN multicast snooping is enabled, the per-port multicast context is disabled on each port and the port is removed from the g... • https://git.kernel.org/stable/c/2796d846d74a18cc6563e96eff8bf28c5e06f912 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38247 – userns and mnt_idmap leak in open_tree_attr(2)
https://notcve.org/view.php?id=CVE-2025-38247
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking userns and possibly mnt_idmap as well. In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a pos... • https://git.kernel.org/stable/c/c4a16820d90199409c9bf01c4f794e1e9e8d8fd8 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38246 – bnxt: properly flush XDP redirect lists
https://notcve.org/view.php?id=CVE-2025-38246
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.579676] list_add corruption. next->prev should be prev (ffff93120dd40f30), but was ffffb301ef3a6740. (next=ffff93120dd 40f30). [56251.601413] ------------[ cut here ]------------ [56251.611357] kernel BUG at lib/list_debug.c:29! [56251.621082] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [56251.632073] CPU: 1... • https://git.kernel.org/stable/c/a7559bc8c17c3f9a91dcbeefe8642ba757fd09e8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38245 – atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
https://notcve.org/view.php?id=CVE-2025-38245
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplicated device by __atm_dev_lookup(). These operations are done under atm_dev_mutex. However, when removing a device in atm_dev_deregister(), it releases the mutex just after removing the device from the list that __atm_... • https://git.kernel.org/stable/c/64bf69ddff7637b7ed7acf9b2a823cc0ee519439 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38244 – smb: client: fix potential deadlock when reconnecting channels
https://notcve.org/view.php?id=CVE-2025-38244
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock order and prevent the following deadlock from happening ====================================================== WARNING: possible circular locking dependency detected 6.16.0-rc3-build2+ #1301 Tainted: G S W ------------------------------------------------------ cifsd/6055 is trying to acquire lock: ffff88810ad56038 (&... • https://git.kernel.org/stable/c/d7d7a66aacd6fd8ca57baf08a7bac5421282f6f8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38243 – btrfs: fix invalid inode pointer dereferences during log replay
https://notcve.org/view.php?id=CVE-2025-38243
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthrough in case of __add_inode_ref(), where we then do something like this: iput(&inode->vfs_inode); which results in an invalid inode pointer that triggers an invalid memory access, resulting in a crash. Fix this by making sure we don't do such dereferences. In... • https://git.kernel.org/stable/c/b4c50cbb01a1b6901d2b94469636dd80fa93de81 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38242 – mm: userfaultfd: fix race of userfaultfd_move and swap cache
https://notcve.org/view.php?id=CVE-2025-38242
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c... • https://git.kernel.org/stable/c/adef440691bab824e39c1b17382322d195e1fab0 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38241 – mm/shmem, swap: fix softlockup with mTHP swapin
https://notcve.org/view.php?id=CVE-2025-38241
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled swapon /dev/zram0 # zram0 is a 48G swap device mkdir -p /sys/fs/cgroup/memory/test echo 1G > /sys/fs/cgroup/test/memory.max echo $BASHPID > /sys/fs/cgroup/test/cgroup.procs while true; do dd if=/dev/zero of=/tmp/test.img bs=1M count=5120 cat /tmp/test.... • https://git.kernel.org/stable/c/1dd44c0af4fa1e80a4e82faa10cbf5d22da40362 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38239 – scsi: megaraid_sas: Fix invalid node index
https://notcve.org/view.php?id=CVE-2025-38239
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsan_handle_out_of_bounds.cold+0x46/... • https://git.kernel.org/stable/c/8049da6f3943d0ac51931b8064b2e4769a69a967 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38238 – scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out
https://notcve.org/view.php?id=CVE-2025-38238
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: - D... • https://git.kernel.org/stable/c/09c1e6ab4ab2a107d96f119950dc330e446dc2b0 •