CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38158 – hisi_acc_vfio_pci: fix XQE dma address error
https://notcve.org/view.php?id=CVE-2025-38158
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was combined into an address. Therefore, the address combination sequence needs to be corrected. Even after fixing the above problem, we still have an issue wh... • https://git.kernel.org/stable/c/b0eed085903e7758532696d64397901a75bba8ba •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38157 – wifi: ath9k_htc: Abort software beacon handling if disabled
https://notcve.org/view.php?id=CVE-2025-38157
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled. • https://git.kernel.org/stable/c/832f6a18fc2aead14954c081ece03b7a5b425f81 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38154 – bpf, sockmap: Avoid using sk_socket after free when sending
https://notcve.org/view.php?id=CVE-2025-38154
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending The sk->sk_socket is not locked or referenced in backlog thread, and during the call to skb_send_sock(), there is a race condition with the release of sk_socket. All types of sockets(tcp/udp/unix/vsock) will be affected. Race conditions: ''' CPU0 CPU1 backlog::skb_send_sock sendmsg_unlocked sock_sendmsg sock_sendmsg_nosec close(fd): ... ops->release() -> sock_map_close() sk_socket-... • https://git.kernel.org/stable/c/4959ffc65a0e94f8acaac20deac49f89e6ded52d •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38153 – net: usb: aqc111: fix error handling of usbnet read calls
https://notcve.org/view.php?id=CVE-2025-38153
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This problem is quite similar to the one fixed in commit 920a9fa27e78 ("net: asix: add proper error handling of usb read errors"). For instance, usbnet_read_cmd() may read fewer than 'size' bytes, even if the caller expected the full amount... • https://git.kernel.org/stable/c/df2d59a2ab6c9ceac2c4104272fce03493b8f62f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38148 – net: phy: mscc: Fix memory leak when using one step timestamping
https://notcve.org/view.php?id=CVE-2025-38148
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step... • https://git.kernel.org/stable/c/7d272e63e0979d38a6256108adbe462d621c26c5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38147 – calipso: Don't call calipso functions for AF_INET sk.
https://notcve.org/view.php?id=CVE-2025-38147
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pinet6 is always set in inet6_create(), meaning the socket was not IPv6 one. The root cause is missing validation in netlbl_conn_setattr(). netlbl_conn_setattr() switche... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38146 – net: openvswitch: Fix the dead loop of MPLS parse
https://notcve.org/view.php?id=CVE-2025-38146
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuck finally. stack backtrace: UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26 index -1 is out of range for type '__be32 [3]' CPU: 34 PID: 0 Comm: swapper/34 Kdump: loa... • https://git.kernel.org/stable/c/fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38145 – soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
https://notcve.org/view.php?id=CVE-2025-38145
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. [arj: Fix Fixes: tag to use subject from 3772e5da4454] • https://git.kernel.org/stable/c/3772e5da445420543b25825ac2b5971f3743f6e8 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38143 – backlight: pm8941: Add NULL check in wled_configure()
https://notcve.org/view.php?id=CVE-2025-38143
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/f86b77583d88c8402e8d89a339d96f847318f8a8 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38142 – hwmon: (asus-ec-sensors) check sensor index in read_string()
https://notcve.org/view.php?id=CVE-2025-38142
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined behavior when passed to get_sensor_info(). Add a proper check to return -EINVAL if sensor_index is negative. Found by Linux Verification Center (linuxtesting.org)... • https://git.kernel.org/stable/c/d0ddfd241e5719d696bc0b081e260db69d368668 •