CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38162 – netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
https://notcve.org/view.php?id=CVE-2025-38162
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX multiplied by NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case. - NFT_PIPAPO_BUCKETS(f->bb) is 2^8, worst case. - sizeof(unsigned long), from sizeof(*f->lt), lt in struct nft_pipapo_field. Then, use check_mul_overflow() to mult... • https://git.kernel.org/stable/c/3c4287f62044a90e73a561aa05fc46e62da173da •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38161 – RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
https://notcve.org/view.php?id=CVE-2025-38161
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the last resource to be destroyed some SW resources were already cleaned regardless of the failure. Now properly rollback the object to its original state upon such failure. In order to avoid a use-after free in case someone tries to destroy the object again, which results in the following kernel trace: refcount_t: u... • https://git.kernel.org/stable/c/e2013b212f9f201c71fc5826ce41f39ebece0852 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38160 – clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
https://notcve.org/view.php?id=CVE-2025-38160
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/93d2725affd65686792f4b57e49ef660f3c8c0f9 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38159 – wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
https://notcve.org/view.php?id=CVE-2025-38159
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads 5 bytes: void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data) { ... SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data); SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1)); ... SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4)); Detected u... • https://git.kernel.org/stable/c/4136214f7c46839c15f0f177fe1d5052302c0205 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38158 – hisi_acc_vfio_pci: fix XQE dma address error
https://notcve.org/view.php?id=CVE-2025-38158
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that there was an error when the data read from the register was combined into an address. Therefore, the address combination sequence needs to be corrected. Even after fixing the above problem, we still have an issue wh... • https://git.kernel.org/stable/c/b0eed085903e7758532696d64397901a75bba8ba •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38157 – wifi: ath9k_htc: Abort software beacon handling if disabled
https://notcve.org/view.php?id=CVE-2025-38157
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled. • https://git.kernel.org/stable/c/832f6a18fc2aead14954c081ece03b7a5b425f81 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38156 – wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
https://notcve.org/view.php?id=CVE-2025-38156
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereference in mt7996_mmio_wed_init() • https://git.kernel.org/stable/c/83eafc9251d6d30574b629ac637c56d168fcbdd9 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38155 – wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
https://notcve.org/view.php?id=CVE-2025-38155
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereference in mt7915_mmio_wed_init(). • https://git.kernel.org/stable/c/4f831d18d12da80cec0bebe5b8ca8702a528195a •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38154 – bpf, sockmap: Avoid using sk_socket after free when sending
https://notcve.org/view.php?id=CVE-2025-38154
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending The sk->sk_socket is not locked or referenced in backlog thread, and during the call to skb_send_sock(), there is a race condition with the release of sk_socket. All types of sockets(tcp/udp/unix/vsock) will be affected. Race conditions: ''' CPU0 CPU1 backlog::skb_send_sock sendmsg_unlocked sock_sendmsg sock_sendmsg_nosec close(fd): ... ops->release() -> sock_map_close() sk_socket-... • https://git.kernel.org/stable/c/4959ffc65a0e94f8acaac20deac49f89e6ded52d •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38153 – net: usb: aqc111: fix error handling of usbnet read calls
https://notcve.org/view.php?id=CVE-2025-38153
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This problem is quite similar to the one fixed in commit 920a9fa27e78 ("net: asix: add proper error handling of usb read errors"). For instance, usbnet_read_cmd() may read fewer than 'size' bytes, even if the caller expected the full amount... • https://git.kernel.org/stable/c/df2d59a2ab6c9ceac2c4104272fce03493b8f62f •