CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38223 – ceph: avoid kernel BUG for encrypted inode with unaligned file size
https://notcve.org/view.php?id=CVE-2025-38223
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size (for example, 33K or 1K): [ 877.737811] run fstests generic/397 at 2025-01-03 12:34:40 [ 877.875761] libceph: mon0 (2)127.0.0.1:40674 session established [ 877.876130] libceph: client4614 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949 [ 877.991965] libceph: mon0 (2)127.0.0.1:40674 session... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38222 – ext4: inline: fix len overflow in ext4_prepare_inline_data
https://notcve.org/view.php?id=CVE-2025-38222
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ftruncate(fd, 30); pwrite(fd, "a", 1, (1UL << 40) + 5UL); That happens because write_begin will succeed as when ext4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len will be truncated, leading ... • https://git.kernel.org/stable/c/f19d5870cbf72d4cb2a8e1f749dff97af99b071e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38220 – ext4: only dirty folios when data journaling regular files
https://notcve.org/view.php?id=CVE-2025-38220
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38218 – f2fs: fix to do sanity check on sit_bitmap_size
https://notcve.org/view.php?id=CVE-2025-38218
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid op... • https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38217 – hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
https://notcve.org/view.php?id=CVE-2025-38217
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ftsteutates) Fix TOCTOU race in fts_read() In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the code accesses the shared variable data->fan_source[channel] twice without holding any locks. It is first checked against FTS_FAN_SOURCE_INVALID, and if the check passes, it is read again when used as an argument to the BIT() macro. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition. Another thread e... • https://git.kernel.org/stable/c/1c5759d8ce054961b454af69568a41e7e3210ee1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38216 – iommu/vt-d: Restore context entry setup order for aliased devices
https://notcve.org/view.php?id=CVE-2025-38216
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain") changed the context entry setup during domain attachment from a set-and-check policy to a clear-and-reset approach. This inadvertently introduced a regression affecting PCI aliased devices behind PCIe-to-PCI bridges. Specifically, keyboard and touchpad stopped working on several Apple Macbooks with bel... • https://git.kernel.org/stable/c/2031c469f8161abe74189cb74f50da224f340b71 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38215 – fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38215
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ==================================================... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38214 – fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38214
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general prot... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38213 – vgacon: Add check for vc_origin address range in vgacon_scroll()
https://notcve.org/view.php?id=CVE-2025-38213
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: vgacon: Add check for vc_origin address range in vgacon_scroll() Our in-house Syzkaller reported the following BUG (twice), which we believed was the same issue with [1]: ================================================================== BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0 drivers/tty/vt/vt.c:4740 Read of size 2 at addr ffff88800f5bef60 by task syz.7.2620/12393 ... Call Trace: