CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38630 – fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
https://notcve.org/view.php?id=CVE-2025-38630
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_... • https://git.kernel.org/stable/c/1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38626 – f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
https://notcve.org/view.php?id=CVE-2025-38626
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38624 – PCI: pnv_php: Clean up allocated IRQs on unplug
https://notcve.org/view.php?id=CVE-2025-38624
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices(). Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only... • https://git.kernel.org/stable/c/398170b7fd0e0db2f8096df5206c75e5ff41415a •
CVSS: 6.6EPSS: %CPEs: 6EXPL: 0CVE-2025-38623 – PCI: pnv_php: Fix surprise plug detection and recovery
https://notcve.org/view.php?id=CVE-2025-38623
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from ... • https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2025-38618 – vsock: Do not allow binding to VMADDR_PORT_ANY
https://notcve.org/view.php?id=CVE-2025-38618
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify ... • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •
CVSS: 6.9EPSS: %CPEs: 6EXPL: 0CVE-2025-38617 – net/packet: fix a race in packet_set_ring() and packet_notifier()
https://notcve.org/view.php?id=CVE-2025-38617
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38614 – eventpoll: Fix semi-unbounded recursion
https://notcve.org/view.php?id=CVE-2025-38614
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons: - They don't look upwards in the tree. - If there are multiple downwards paths of different lengths, only one of the pa... • https://git.kernel.org/stable/c/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38612 – staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
https://notcve.org/view.php?id=CVE-2025-38612
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that by adding the cleanup function on the error path. In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after f... • https://git.kernel.org/stable/c/c296d5f9957c03994a699d6739c27d4581a9f6c7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38611 – vmci: Prevent the dispatching of uninitialized payloads
https://notcve.org/view.php?id=CVE-2025-38611
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size ... • https://git.kernel.org/stable/c/28d6692cd8fb2a900edba5e5983be4478756ef6f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38604 – wifi: rtl818x: Kill URBs before clearing tx status queue
https://notcve.org/view.php?id=CVE-2025-38604
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed skb due to anchor was not killed before freeing such skb. BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000... • https://git.kernel.org/stable/c/c1db52b9d27ee6e15a7136e67e4a21dc916cd07f •