CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38516 – pinctrl: qcom: msm: mark certain pins as invalid for interrupts
https://notcve.org/view.php?id=CVE-2025-38516
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio... • https://git.kernel.org/stable/c/f365be0925729508fd8e62f8bdb504ef896cb6e0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38514 – rxrpc: Fix oops due to non-existence of prealloc backlog struct
https://notcve.org/view.php?id=CVE-2025-38514
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and bound, but calls are preallocated, then rxrpc_alloc_incoming_call() will oops because the rxrpc_backlog struct doesn't get allocated until the first preallocation is made. Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no backlog struct. This will cause the incoming call to be aborted. In the Linux kernel, the... • https://git.kernel.org/stable/c/bf0ca6a1bc4fb904b598137c6718785a107e3adf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38513 – wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
https://notcve.org/view.php?id=CVE-2025-38513
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38512 – wifi: prevent A-MSDU attacks in mesh networks
https://notcve.org/view.php?id=CVE-2025-38512
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks. This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a recei... • https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38503 – btrfs: fix assertion when building free space tree
https://notcve.org/view.php?id=CVE-2025-38503
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ------------[ cut here ]------------ kernel BUG at fs/btrfs/free-space-tree.c:1102! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules li... • https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58238 – Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test
https://notcve.org/view.php?id=CVE-2024-58238
09 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide with the power save timeout value of 2 seconds. Test procedure using bash script:
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-50233 – Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}
https://notcve.org/view.php?id=CVE-2022-50233
09 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be truncated or not. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL ter... • https://git.kernel.org/stable/c/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38498 – do_change_type(): refuse to operate on unmounted/not ours mounts
https://notcve.org/view.php?id=CVE-2025-38498
30 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: do_change_type(): se niega a operar en montajes no montados o que no son nuestros. Garantiza que la configuración de propagación solo se pued... • https://git.kernel.org/stable/c/07b20889e3052c7e77d6a6a54e7e83446eb1ba84 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38497 – usb: gadget: configfs: Fix OOB read on empty string write
https://notcve.org/view.php?id=CVE-2025-38497
28 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning imm... • https://git.kernel.org/stable/c/2798111f8e504ac747cce911226135d50b8de468 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38495 – HID: core: ensure the allocated report buffer can contain the reserved report ID
https://notcve.org/view.php?id=CVE-2025-38495
28 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: núcleo: garantizar que el bú... • https://git.kernel.org/stable/c/d3ed1d84a84538a39b3eb2055d6a97a936c108f2 •