CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38665 – can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
https://notcve.org/view.php?id=CVE-2025-38665
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code path that call struct can_priv::do_set_mode: - directly by a manual restart from the user space, via can_changelink() - delayed automatic restart after bus off (deactivated by... • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38664 – ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
https://notcve.org/view.php?id=CVE-2025-38664
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. • https://git.kernel.org/stable/c/c7648810961682b9388be2dd041df06915647445 •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-38663 – nilfs2: reject invalid file types when reading inodes
https://notcve.org/view.php?id=CVE-2025-38663
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error. In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inod... • https://git.kernel.org/stable/c/05fe58fdc10df9ebea04c0eaed57adc47af5c184 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-38662 – ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv
https://notcve.org/view.php?id=CVE-2025-38662
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Given mt8365_dai_set_priv allocate priv_size space to copy priv_data which means we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv" instead of afe_priv which has the size of "struct mt8365_afe_private". Otherwise the KASAN complains about. [ 59.389765] BUG: KASAN: global-out-of-bounds in mt8365_dai_set_priv+0xc8/0x168 [snd_soc_mt8365_pcm] ... [ 59.394789] C... • https://git.kernel.org/stable/c/402bbb13a195caa83b3279ebecdabfb11ddee084 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-38661 – platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array
https://notcve.org/view.php?id=CVE-2025-38661
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array Add missing empty member to `awcc_dmi_table`. • https://git.kernel.org/stable/c/6d7f1b1a5db61c4d654c84e17392916c4ef8ae6f •
CVSS: 7.1EPSS: %CPEs: 4EXPL: 0CVE-2025-38660 – [ceph] parse_longname(): strrchr() expects NUL-terminated string
https://notcve.org/view.php?id=CVE-2025-38660
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem is, kstrtou64() is not the only thing that need it. Just get a NUL-terminated copy of the entire thing and be done with that... In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expe... • https://git.kernel.org/stable/c/dd66df0053ef84add5e684df517aa9b498342381 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38659 – gfs2: No more self recovery
https://notcve.org/view.php?id=CVE-2025-38659
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a consistent state. Not only is that a very bad idea, it has also never worked because gfs2_recover_func() will refuse to do anything during a withdraw. However, before even getting to this point, gfs2_recover_func() dereferences sdp->s... • https://git.kernel.org/stable/c/601ef0d52e9617588fcff3df26953592f2eb44ac •
CVSS: 10.0EPSS: %CPEs: 2EXPL: 0CVE-2025-38658 – nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
https://notcve.org/view.php?id=CVE-2025-38658
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls __nvmet_req_complete() internally upon failure, e.g., unsupported opcode, which calls the "queue_response" callback, this results in nvmet_pci_epf_queue_response() being called, which will call nvmet_pci_epf_complete_iod() if data_len is 0 or if dma_dir... • https://git.kernel.org/stable/c/0faa0fe6f90ea59b10d1b0f15ce0eb0c18eff186 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-38656 – wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
https://notcve.org/view.php?id=CVE-2025-38656
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing error code potentially leads to a use after free involving debugfs. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_... • https://git.kernel.org/stable/c/6663c52608d8d8727bf1911e6d9218069ba1c85e •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2025-38655 – pinctrl: canaan: k230: add NULL check in DT parse
https://notcve.org/view.php?id=CVE-2025-38655
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: add NULL check in DT parse Add a NULL check for the return value of of_get_property() when retrieving the "pinmux" property in the group parser. This avoids a potential NULL pointer dereference if the property is missing from the device tree node. Also fix a typo ("sintenel") in the device ID match table comment, correcting it to "sentinel". In the Linux kernel, the following vulnerability has been resolved: pinctrl: ... • https://git.kernel.org/stable/c/545887eab6f6776a7477fe7e83860eab57138b03 •