CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38014 – dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
https://notcve.org/view.php?id=CVE-2025-38014
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxd_cleanup() helper to avoid code duplication. Note, this also fixes the missing put_device() for idxd groups, enginces and wqs. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idx... • https://git.kernel.org/stable/c/bfe1d56091c1a404b3d4ce7e9809d745fc4453bb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38011 – drm/amdgpu: csa unmap use uninterruptible lock
https://notcve.org/view.php?id=CVE-2025-38011
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38009 – wifi: mt76: disable napi on driver removal
https://notcve.org/view.php?id=CVE-2025-38009
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO W... • https://git.kernel.org/stable/c/2ac515a5d74f26963362d5da9589c67ca3663338 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38006 – net: mctp: Don't access ifa_index when missing
https://notcve.org/view.php?id=CVE-2025-38006
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible in the syzkaller case from dhcpd, or busybox "ip addr show". The kernel MCTP implementation has always filtered by ifa_index, so existing userspace programs expecting to dump MCTP addresses must already be passin... • https://git.kernel.org/stable/c/583be982d93479ea3d85091b0fd0b01201ede87d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38005 – dmaengine: ti: k3-udma: Add missing locking
https://notcve.org/view.php?id=CVE-2025-38005
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28 [ 4.144867] Hardware name: pp-v12 (DT) [ 4.148648] Workqueue: events udma_check_tx_completion [ 4.153841] pstate: 60000005... • https://git.kernel.org/stable/c/25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38004 – can: bcm: add locking for bcm_op runtime updates
https://notcve.org/view.php?id=CVE-2025-38004
08 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a p... • https://git.kernel.org/stable/c/ffd980f976e7fd666c2e61bf8ab35107efd11828 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38003 – can: bcm: add missing rcu read protection for procfs content
https://notcve.org/view.php?id=CVE-2025-38003
08 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection. En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/5b48f5711f1c630841ab78dcc061de902f0e37bf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38001 – net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
https://notcve.org/view.php?id=CVE-2025-38001
06 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38000 – sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
https://notcve.org/view.php?id=CVE-2025-38000
06 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not ... • https://git.kernel.org/stable/c/12d0ad3be9c3854e52ec74bb83bb6f43612827c7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37998 – openvswitch: Fix unsafe attribute parsing in output_userspace()
https://notcve.org/view.php?id=CVE-2025-37998
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspac... • https://git.kernel.org/stable/c/ccb1352e76cff0524e7ccb2074826a092dd13016 •