CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38225 – media: imx-jpeg: Cleanup after an allocation error
https://notcve.org/view.php?id=CVE-2025-38225
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized and cause NULL pointer dereferences. Ensure proper cleanup of failed allocations to prevent these issues. In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allo... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38224 – can: kvaser_pciefd: refine error prone echo_skb_max handling logic
https://notcve.org/view.php?id=CVE-2025-38224
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit of echo_skb[] allocated inside the netdevice's priv. The corresponding size value provided by this driver to alloc_candev() is KVASER_PCIEFD_CAN_TX_MAX_COUNT which is 17. But later echo_skb_max is rounded up to the nearest power of two (for the max case, that would be 32) and the tx/ack indices calculated further during tx... • https://git.kernel.org/stable/c/352fbde14177d608a54120b6ff559ce5b3cf6238 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38223 – ceph: avoid kernel BUG for encrypted inode with unaligned file size
https://notcve.org/view.php?id=CVE-2025-38223
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size (for example, 33K or 1K): [ 877.737811] run fstests generic/397 at 2025-01-03 12:34:40 [ 877.875761] libceph: mon0 (2)127.0.0.1:40674 session established [ 877.876130] libceph: client4614 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949 [ 877.991965] libceph: mon0 (2)127.0.0.1:40674 session... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38222 – ext4: inline: fix len overflow in ext4_prepare_inline_data
https://notcve.org/view.php?id=CVE-2025-38222
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ftruncate(fd, 30); pwrite(fd, "a", 1, (1UL << 40) + 5UL); That happens because write_begin will succeed as when ext4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len will be truncated, leading ... • https://git.kernel.org/stable/c/f19d5870cbf72d4cb2a8e1f749dff97af99b071e •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38221 – ext4: fix out of bounds punch offset
https://notcve.org/view.php?id=CVE-2025-38221
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds max_end is not permitted and will result in a negative length in the truncate_inode_partial_folio() function while truncating the page cache, potentially leading to undesirable consequences. A simple reproducer: truncate -s 9895604649994 /mnt/foo xfs_io -c "pwrite 8796093022208 4096" /mnt/foo xfs_io -c "fpunch 8796093022213 25769803777" /mnt/foo kernel BUG... • https://git.kernel.org/stable/c/982bf37da09d078570650b691d9084f43805a5de •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38220 – ext4: only dirty folios when data journaling regular files
https://notcve.org/view.php?id=CVE-2025-38220
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38218 – f2fs: fix to do sanity check on sit_bitmap_size
https://notcve.org/view.php?id=CVE-2025-38218
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid op... • https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38217 – hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
https://notcve.org/view.php?id=CVE-2025-38217
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ftsteutates) Fix TOCTOU race in fts_read() In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the code accesses the shared variable data->fan_source[channel] twice without holding any locks. It is first checked against FTS_FAN_SOURCE_INVALID, and if the check passes, it is read again when used as an argument to the BIT() macro. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition. Another thread e... • https://git.kernel.org/stable/c/1c5759d8ce054961b454af69568a41e7e3210ee1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38216 – iommu/vt-d: Restore context entry setup order for aliased devices
https://notcve.org/view.php?id=CVE-2025-38216
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain") changed the context entry setup during domain attachment from a set-and-check policy to a clear-and-reset approach. This inadvertently introduced a regression affecting PCI aliased devices behind PCIe-to-PCI bridges. Specifically, keyboard and touchpad stopped working on several Apple Macbooks with bel... • https://git.kernel.org/stable/c/2031c469f8161abe74189cb74f50da224f340b71 •