CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38059 – btrfs: avoid NULL pointer dereference if no valid csum tree
https://notcve.org/view.php?id=CVE-2025-38059
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full) Hardware name: QEMU S... • https://git.kernel.org/stable/c/50d0de59f66cbe6d597481e099bf1c70fd07e0a9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38058 – __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
https://notcve.org/view.php?id=CVE-2025-38058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is ... • https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38051 – smb: client: Fix use-after-free in cifs_fill_dirent
https://notcve.org/view.php?id=CVE-2025-38051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm:... • https://git.kernel.org/stable/c/a364bc0b37f14ffd66c1f982af42990a9d77fa43 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38048 – virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
https://notcve.org/view.php?id=CVE-2025-38048
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/vir... • https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38047 – x86/fred: Fix system hang during S4 resume with FRED enabled
https://notcve.org/view.php?id=CVE-2025-38047
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "... • https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38045 – wifi: iwlwifi: fix debug actions order
https://notcve.org/view.php?id=CVE-2025-38045
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix d... • https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38044 – media: cx231xx: set device_caps for 417
https://notcve.org/view.php?id=CVE-2025-38044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get a WARN_ON instead). Not seen before since currently 417 support is disabled, but I found this while experimenting with it. In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did no... • https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38041 – clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
https://notcve.org/view.php?id=CVE-2025-38041
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any attempt to do device DVFS on the GPU lead to panfrost various ooops, and GPU hangs. The manual describes the algorithm for changing the PLL frequency, which the CPU PLL notifier code already support, so we reuse that to... • https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38040 – serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
https://notcve.org/view.php?id=CVE-2025-38040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last di... • https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38039 – net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
https://notcve.org/view.php?id=CVE-2025-38039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more gracefully by returning `-EOPNOTSUPP` instead, while also providing a helpful user message. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565 •