CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38635 – clk: davinci: Add NULL check in davinci_lpsc_clk_register()
https://notcve.org/view.php?id=CVE-2025-38635
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated. In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davi... • https://git.kernel.org/stable/c/c6ed4d734bc7f731709dab0ffd69eed499dd5277 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38630 – fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
https://notcve.org/view.php?id=CVE-2025-38630
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_... • https://git.kernel.org/stable/c/1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38626 – f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
https://notcve.org/view.php?id=CVE-2025-38626
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38624 – PCI: pnv_php: Clean up allocated IRQs on unplug
https://notcve.org/view.php?id=CVE-2025-38624
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices(). Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only... • https://git.kernel.org/stable/c/398170b7fd0e0db2f8096df5206c75e5ff41415a •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38623 – PCI: pnv_php: Fix surprise plug detection and recovery
https://notcve.org/view.php?id=CVE-2025-38623
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from ... • https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38622 – net: drop UFO packets in udp_rcv_segment()
https://notcve.org/view.php?id=CVE-2025-38622
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:4572! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary) Hardware name: QEMU Standard ... • https://git.kernel.org/stable/c/cf329aa42b6659204fee865bbce0ea20462552eb •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38618 – vsock: Do not allow binding to VMADDR_PORT_ANY
https://notcve.org/view.php?id=CVE-2025-38618
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify ... • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38617 – net/packet: fix a race in packet_set_ring() and packet_notifier()
https://notcve.org/view.php?id=CVE-2025-38617
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38614 – eventpoll: Fix semi-unbounded recursion
https://notcve.org/view.php?id=CVE-2025-38614
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checks, but those recursion depth checks don't limit the depth of the resulting tree for two reasons: - They don't look upwards in the tree. - If there are multiple downwards paths of different lengths, only one of the pa... • https://git.kernel.org/stable/c/22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38612 – staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
https://notcve.org/view.php?id=CVE-2025-38612
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that by adding the cleanup function on the error path. In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after f... • https://git.kernel.org/stable/c/c296d5f9957c03994a699d6739c27d4581a9f6c7 •