CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38540 – HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
https://notcve.org/view.php?id=CVE-2025-38540
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should n... • https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38539 – tracing: Add down_write(trace_event_sem) when adding trace event
https://notcve.org/view.php?id=CVE-2025-38539
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values. If two modules are loaded at the same time, the adding of the event to the ftrace_events list can corrupt the walking of the list in the code that is modifying the printk format strings and crash the kernel. T... • https://git.kernel.org/stable/c/110bf2b764eb6026b868d84499263cb24b1bcc8d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38538 – dmaengine: nbpfaxi: Fix memory corruption in probe()
https://notcve.org/view.php?id=CVE-2025-38538
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory. The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so t... • https://git.kernel.org/stable/c/b45b262cefd5b8eb2ba88d20e5bd295881293894 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38537 – net: phy: Don't register LEDs for genphy
https://notcve.org/view.php?id=CVE-2025-38537
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock: rtnl_lock... • https://git.kernel.org/stable/c/01e5b728e9e43ae444e0369695a5f72209906464 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38535 – phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
https://notcve.org/view.php?id=CVE-2025-38535
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled. This can result in warnings such as: [ 250.155624] WARNING: CPU: 1 PID: 7326 at driver... • https://git.kernel.org/stable/c/49d46e3c7e597e8b00c6fc16e6fd7a92044f4371 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38533 – net: libwx: fix the using of Rx buffer DMA
https://notcve.org/view.php?id=CVE-2025-38533
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths. This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing... • https://git.kernel.org/stable/c/3c47e8ae113a68da47987750d9896e325d0aeedd •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38532 – net: libwx: properly reset Rx ring descriptor
https://notcve.org/view.php?id=CVE-2025-38532
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values from previous sessions. And only set the length to 0 in rx_desc[0] would result in building malformed SKBs. Fix it to ensure a clean slate after device reset. [ 549.186435] [ C16] ------------[ cut here ]------... • https://git.kernel.org/stable/c/3c47e8ae113a68da47987750d9896e325d0aeedd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38531 – iio: common: st_sensors: Fix use of uninitialize device structs
https://notcve.org/view.php?id=CVE-2025-38531
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a pan... • https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38530 – comedi: pcl812: Fix bit shift out of bounds
https://notcve.org/view.php?id=CVE-2025-38530
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: pcl812: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & board->irq_bits) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ wi... • https://git.kernel.org/stable/c/fcdb427bc7cf5e9e5d7280cf09c08dec49b49432 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38529 – comedi: aio_iiro_16: Fix bit shift out of bounds
https://notcve.org/view.php?id=CVE-2025-38529
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will b... • https://git.kernel.org/stable/c/ad7a370c8be47247f68f7187cc82f4f25a347116 •