CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38147 – calipso: Don't call calipso functions for AF_INET sk.
https://notcve.org/view.php?id=CVE-2025-38147
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pinet6 is always set in inet6_create(), meaning the socket was not IPv6 one. The root cause is missing validation in netlbl_conn_setattr(). netlbl_conn_setattr() switche... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38146 – net: openvswitch: Fix the dead loop of MPLS parse
https://notcve.org/view.php?id=CVE-2025-38146
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuck finally. stack backtrace: UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26 index -1 is out of range for type '__be32 [3]' CPU: 34 PID: 0 Comm: swapper/34 Kdump: loa... • https://git.kernel.org/stable/c/fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38145 – soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
https://notcve.org/view.php?id=CVE-2025-38145
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. [arj: Fix Fixes: tag to use subject from 3772e5da4454] • https://git.kernel.org/stable/c/3772e5da445420543b25825ac2b5971f3743f6e8 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38143 – backlight: pm8941: Add NULL check in wled_configure()
https://notcve.org/view.php?id=CVE-2025-38143
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/f86b77583d88c8402e8d89a339d96f847318f8a8 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38138 – dmaengine: ti: Add NULL check in udma_probe()
https://notcve.org/view.php?id=CVE-2025-38138
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38136 – usb: renesas_usbhs: Reorder clock handling and power management in probe
https://notcve.org/view.php?id=CVE-2025-38136
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are accessed before enabling the clocks, leading to a synchronous external abort on the RZ/V2H SoC. The problematic call flow is as follows: usbhs_probe() usbhs_sys_cloc... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38135 – serial: Fix potential null-ptr-deref in mlb_usio_probe()
https://notcve.org/view.php?id=CVE-2025-38135
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. • https://git.kernel.org/stable/c/ba44dc04300441b47618f9933bf36e75a280e5fe •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38129 – page_pool: Fix use-after-free in page_pool_recycle_in_ring
https://notcve.org/view.php?id=CVE-2025-38129
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 ... • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38127 – ice: fix Tx scheduler error handling in XDP callback
https://notcve.org/view.php?id=CVE-2025-38127
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx scheduler failure, the XDP callback should also fail and roll back any changes previously made for XDP preparation. The previous implementation had a bug that not all changes made by the XDP callback were rolled back... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38126 – net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
https://notcve.org/view.php?id=CVE-2025-38126
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually propagate up to PTP initialization when bringing up the interface, leading to a divide by 0: Division by zero in kernel. CPU: 1 UID: 0 PID: 1 Comm: ... • https://git.kernel.org/stable/c/19d857c9038e5c07db8f8cc02b5ad0cd0098714f •