CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38699 – scsi: bfa: Double-free fix
https://notcve.org/view.php?id=CVE-2025-38699
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation, when the state machine enters the bfad_sm_stopping state and calls the bfad_im_probe_undo() function, it attempts to free the memory pointed to by bfad->im again, thereby triggering a double-free vulnerability. Set bfad->im to NULL i... • https://git.kernel.org/stable/c/684c92bb08a25ed3c0356bc7eb532ed5b19588dd •
CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38698 – jfs: Regular file corruption check
https://notcve.org/view.php?id=CVE-2025-38698
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Regular file corruption check The reproducer builds a corrupted file on disk with a negative i_size value. Add a check when opening this file to avoid subsequent operation failures. Je... • https://git.kernel.org/stable/c/9f896c3d0192241d6438be6963682ace8203f502 •
CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38697 – jfs: upper bound check of tree index in dbAllocAG
https://notcve.org/view.php?id=CVE-2025-38697
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bounds relative to the size of the stree. This could happen in a scenario where the filesystem metadata are corrupted. ... • https://git.kernel.org/stable/c/5bdb9553fb134fd52ec208a8b378120670f6e784 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38696 – MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
https://notcve.org/view.php?id=CVE-2025-38696
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will dereference the NULL ABI pointer and crash. This can for example happen when using kunit: mips_stack_top+0x28/0xc0 arch_pick_mmap_layout+0x190/0x220 kunit_vm_mmap_init+0xf8/0x138 __kunit_add_resource+0x40/0xa8 kunit_vm_mmap+0x88/0xd8 usercopy... • https://git.kernel.org/stable/c/ab18e48a503230d675e824a0d68a108bdff42503 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38695 – scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
https://notcve.org/view.php?id=CVE-2025-38695
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may occur before sli4_hba.hdwqs are allocated. This may result in a null pointer dereference when attempting to take the abts_io_buf_list_lock for the first hardware queue. Fix by adding a null ptr check on phba->sli4_hba.hdwq and ... • https://git.kernel.org/stable/c/6711ce7e9de4eb1a541ef30638df1294ea4267f8 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38694 – media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
https://notcve.org/view.php?id=CVE-2025-38694
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() In dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar issue occurs when access msg[1].buf[0] and msg[1].buf[1]. • https://git.kernel.org/stable/c/bc07cae4f36bb18d5b6a9ed835c1278ca44ec82e •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38693 – media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
https://notcve.org/view.php?id=CVE-2025-38693
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar In w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add check on msg[0].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027... • https://git.kernel.org/stable/c/7a41ecfc3415ebe3b4c44f96b3337691dcf431a3 •
CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0 | CVE-2025-38692 – exfat: add cluster chain loop check for dir
https://notcve.org/view.php?id=CVE-2025-38692
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. (1) Condition for exfat_count_dir_entries() to loop infinitely. - The cluster chain includes a loop. - There is no UNUSED entry in the cluster chain. (2) Condition for exfat_create_upcase_table() to loop infinitely. - The cluster chain of the root directory includes a loop. - There are no UNUSED entry and u... • https://git.kernel.org/stable/c/1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 •
CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38691 – pNFS: Fix uninited ptr deref in block/scsi layout
https://notcve.org/view.php?id=CVE-2025-38691
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "layoutupdate_pages" page array is initialized only after the retry loop. But ext_tree_free_commitdata() is called on every iteration and tries to put pages in the array, thus dereferencing uninitialized pointers. An additional problem is... • https://git.kernel.org/stable/c/579b85f893d9885162e1cabf99a4a088916e143e •
CVSS: 6.3 | EPSS: 0% | CPEs: 9 | EXPL: 0 | CVE-2025-38687 – comedi: fix race between polling and detaching
https://notcve.org/view.php?id=CVE-2025-38687
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still active on the wait_queue_head inside of it. This can cause a use-after-free when the poll entries are later triggered or removed, as the memory for the wait_queue_head has been freed. We need to check there are no tasks queued on any of... • https://git.kernel.org/stable/c/2f3fdcd7ce935f6f2899ceab57dc8fe5286db3e1 •
