CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38180 – net: atm: fix /proc/net/atm/lec handling
https://notcve.org/view.php?id=CVE-2025-38180
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF. In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbal... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38105 – ALSA: usb-audio: Kill timer properly at removal
https://notcve.org/view.php?id=CVE-2025-38105
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned object is released via snd_usbmidi_free(), which ends up with a kernel warning when the debug configuration is enabled, as spotted by fuzzer. For avoiding the problem, put timer_shutdown_sync() at snd_usbmidi_free(... • https://git.kernel.org/stable/c/c88469704d63787e8d44ca5ea1c1bd0adc29572d •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 2CVE-2025-38085 – mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
https://notcve.org/view.php?id=CVE-2025-38085
28 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in whic... • https://packetstorm.news/files/id/207451 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2CVE-2025-38084 – mm/hugetlb: unshare page tables during VMA split, not before
https://notcve.org/view.php?id=CVE-2025-38084
28 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into t... • https://packetstorm.news/files/id/207451 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50205 – ext2: Add more validity checks for inode counts
https://notcve.org/view.php?id=CVE-2022-50205
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes per group. This prevents crashes on corrupted filesystems. In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stor... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50126 – jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
https://notcve.org/view.php?id=CVE-2022-50126
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = froze... • https://git.kernel.org/stable/c/470decc613ab2048b619a01028072d932d9086ee • CWE-617: Reachable Assertion •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50105 – powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
https://notcve.org/view.php?id=CVE-2022-50105
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refcount ... • https://git.kernel.org/stable/c/0afacde3df4c9980f505d9afd7cb0058389732ca •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50028 – gadgetfs: ep_io - wait until IRQ finishes
https://notcve.org/view.php?id=CVE-2022-50028
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack. A flaw was found in the gadgetfs module in the Linux kernel. If the wait_for_completion_interruptible() function is interrupted, the driver does not wait for the interrupt to finish, causing stack corruption and resulting in ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50007 – xfrm: fix refcount leak in __xfrm_policy_check()
https://notcve.org/view.php?id=CVE-2022-50007
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check() The issue happens on an error path in __xfrm_policy_check(). When the fetching process of the object `pols[1]` fails, the function simply returns 0, forgetting to decrement the reference count of `pols[0]`, which is incremented earlier by either xfrm_sk_policy_lookup() or xfrm_policy_lookup(). This may result in memory leaks. Fix it by decreasing the reference count of `pols[0]` in that path.... • https://git.kernel.org/stable/c/134b0fc544ba062498451611cb6f3e4454221b3d • CWE-911: Improper Update of Reference Count •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49993 – loop: Check for overflow while configuring loop
https://notcve.org/view.php?id=CVE-2022-49993
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-681: Incorrect Conversion between Numeric Types •