CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38180 – net: atm: fix /proc/net/atm/lec handling
https://notcve.org/view.php?id=CVE-2025-38180
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF. In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38179 – smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
https://notcve.org/view.php?id=CVE-2025-38179
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() This fixes the following problem: [ 749.901015] [ T8673] run fstests cifs/001 at 2025-06-17 09:40:30 [ 750.346409] [ T9870] ================================================================== [ 750.346814] [ T9870] BUG: KASAN: slab-out-of-bounds in smb_set_sge+0x2cc/0x3b0 [cifs] [ 750.347330] [ T9870] Write of size 8 at addr ffff888011082890 by task xfs_io/9870 [ 750.347705] [... • https://git.kernel.org/stable/c/c45ebd636c32d33c75e51ce977520ff146bd41a1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38177 – sch_hfsc: make hfsc_qlen_notify() idempotent
https://notcve.org/view.php?id=CVE-2025-38177
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. I... • https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38174 – thunderbolt: Do not double dequeue a configuration request
https://notcve.org/view.php?id=CVE-2025-38174
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tb_cfg_request_dequeue(): general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65 RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0 Call Trace:
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38173 – crypto: marvell/cesa - Handle zero-length skcipher requests
https://notcve.org/view.php?id=CVE-2025-38173
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0. In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0. • https://git.kernel.org/stable/c/f63601fd616ab370774fa00ea10bcaaa9e48e84c •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38172 – erofs: avoid using multiple devices with different type
https://notcve.org/view.php?id=CVE-2025-38172
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files. However, if the primary is a block device while the extra device is a file-backed device, `erofs_init_device` will get an ENOTBLK, which is not treated as an error in `erofs_fc_g... • https://git.kernel.org/stable/c/fb176750266a3d7f42ebdcf28e8ba40350b27847 •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38170 – arm64/fpsimd: Discard stale CPU state when handling SME traps
https://notcve.org/view.php?id=CVE-2025-38170
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SME traps enabled). This can result in warnings from do_sme_acc() where SME traps are not expected while TIF_SME is set: | /* With TIF_SME userspace ... • https://git.kernel.org/stable/c/8bd7f91c03d886f41d35f6108078d20be5a4a1bd •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38169 – arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
https://notcve.org/view.php?id=CVE-2025-38169
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME are unaffected. If the CPU happens to be in streaming SVE mode before a context switch to a thread with kernel FPSIMD state, fpsimd_thread_switch() will restore the kernel FPSIMD state using fpsimd_load_kernel_state... • https://git.kernel.org/stable/c/e92bee9f861b466c676f0200be3e46af7bc4ac6b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38168 – perf: arm-ni: Unregister PMUs on probe failure
https://notcve.org/view.php?id=CVE-2025-38168
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Unregister PMUs on probe failure When a resource allocation fails in one clock domain of an NI device, we need to properly roll back all previously registered perf PMUs in other clock domains of the same device. Otherwise, it can lead to kernel panics. Calling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374 arm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000 arm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16 lis... • https://git.kernel.org/stable/c/4d5a7680f2b4d0c2955e1d9f9a594b050d637436 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38167 – fs/ntfs3: handle hdr_first_de() return value
https://notcve.org/view.php?id=CVE-2025-38167
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •