CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38070 – ASoC: sma1307: Add NULL check in sma1307_setting_loaded()
https://notcve.org/view.php?id=CVE-2025-38070
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: Add NULL check in sma1307_setting_loaded() All varibale allocated by kzalloc and devm_kzalloc could be NULL. Multiple pointer checks and their cleanup are added. This issue is found by our static analysis tool • https://git.kernel.org/stable/c/f8434b8ba437d3f6cbcd9ffe8405bd16ed28fc5c •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38069 – PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops
https://notcve.org/view.php?id=CVE-2025-38069
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion: During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window). However, when pci_epc_set_bar() fails, the error path: pci_epc_set_bar() -> pci_epf_free_space() do... • https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38068 – crypto: lzo - Fix compression buffer overrun
https://notcve.org/view.php?id=CVE-2025-38068
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo. • https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38067 – rseq: Fix segfault on registration when rseq_cs is non-zero
https://notcve.org/view.php?id=CVE-2025-38067
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn't point to a valid struct rseq_cs. The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. How... • https://git.kernel.org/stable/c/2df285dab00fa03a3ef939b6cb0d0d0aeb0791db •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38066 – dm cache: prevent BUG_ON by blocking retries on failed device resumes
https://notcve.org/view.php?id=CVE-2025-38066
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves a partially initialized policy object. Repeating the resume operation risks triggering BUG_ON when reloading cache mappings into the incomplete policy object. Reproduce steps: 1. create a cache metadata consisting of 512 or more cache blocks, with some mappings stored in th... • https://git.kernel.org/stable/c/c614584c2a66b538f469089ac089457a34590c14 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38065 – orangefs: Do not truncate file size
https://notcve.org/view.php?id=CVE-2025-38065
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems. • https://git.kernel.org/stable/c/ceaf195ed285b77791e29016ee6344b3ded609b3 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38064 – virtio: break and reset virtio devices on device_shutdown()
https://notcve.org/view.php?id=CVE-2025-38064
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio: break and reset virtio devices on device_shutdown() Hongyu reported a hang on kexec in a VM. QEMU reported invalid memory accesses during the hang. Invalid read at addr 0x102877002, size 2, region '(null)', reason: rejected Invalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected ... It was traced down to virtio-console. Kexec works fine if virtio-console is not in use. • https://git.kernel.org/stable/c/aee42f3d57bfa37b2716df4584edeecf63b9df4c •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38063 – dm: fix unconditional IO throttle caused by REQ_PREFLUSH
https://notcve.org/view.php?id=CVE-2025-38063
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait(). An example from v5.4, similar problem also exists in upstream: crash> bt 2091206 PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: "kworker/u260:0" #0 [ffff800084a2f7f0] __switch_to at fff... • https://git.kernel.org/stable/c/95d08924335f3b6f4ea0b92ebfe4fe0731c502d9 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38062 – genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
https://notcve.org/view.php?id=CVE-2025-38062
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie The IOMMU translation for MSI message addresses has been a 2-step process, separated in time: 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address is stored in the MSI descriptor when an MSI interrupt is allocated. 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a translated message address. This has an inherent lifetime ... • https://git.kernel.org/stable/c/e4d3763223c7b72ded53425207075e7453b4e3d5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38061 – net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
https://notcve.org/view.php?id=CVE-2025-38061
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer). • https://git.kernel.org/stable/c/a3d89f1cfe1e6d4bb164db2595511fd33db21900 •