CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38457 – net/sched: Abort __tc_modify_qdisc if parent class does not exist
https://notcve.org/view.php?id=CVE-2025-38457
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during grafting, detect that the user is not trying to attach to a class and reject. However grafting is performed after qdisc_create (and thus the qdiscs' init callback) is executed. In qdiscs that eventually call qdisc... • https://git.kernel.org/stable/c/5e50da01d0ce7ef0ba3ed6cfabd62f327da0aca6 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38456 – ipmi:msghandler: Fix potential memory corruption in ipmi_create_user()
https://notcve.org/view.php?id=CVE-2025-38456
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() The "intf" list iterator is an invalid pointer if the correct "intf->intf_num" is not found. Calling atomic_dec(&intf->nr_users) on and invalid pointer will lead to memory corruption. We don't really need to call atomic_dec() if we haven't called atomic_add_return() so update the if (intf->in_shutdown) path as well. • https://git.kernel.org/stable/c/8e76741c3d8b20dfa2d6c30fa10ff927cfd93d82 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38455 – KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight
https://notcve.org/view.php?id=CVE-2025-38455
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Reject migration of SEV{-ES} state if either the source or destination VM is actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu() is in the section between incrementing created_vcpus and online_vcpus. The bulk of vCPU creation runs _outside_ of kvm->lock to allow creating multiple vCPUs in parallel, and so sev_info.es_active can get toggled from false=>true... • https://git.kernel.org/stable/c/b56639318bb2be66aceba92836279714488709b4 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38453 – io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU
https://notcve.org/view.php?id=CVE-2025-38453
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace:
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38452 – net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe()
https://notcve.org/view.php?id=CVE-2025-38452
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Add check for the return value of rcar_gen4_ptp_alloc() to prevent potential null pointer dereference. • https://git.kernel.org/stable/c/b0d3969d2b4db82602492cad576b8de494a12ddf •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38451 – md/md-bitmap: fix GPF in bitmap_get_stats()
https://notcve.org/view.php?id=CVE-2025-38451
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix stats collection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardless of bitmap storage location. Return -EINVAL only for invalid bitmap with no storage (neither in superblock nor in external file). But, the code does not adhere to the above, as it does only check for a valid s... • https://git.kernel.org/stable/c/065f4b1cd41d03702426af44193894b925607073 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38450 – wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()
https://notcve.org/view.php?id=CVE-2025-38450
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Add a NULL check for msta->vif before accessing its members to prevent a kernel panic in AP mode deployment. This also fix the issue reported in [1]. The crash occurs when this function is triggered before the station is fully initialized. The call trace shows a page fault at mt7925_sta_set_decap_offload() due to accessing resources when msta->vif is NULL... • https://git.kernel.org/stable/c/b859ad65309a5f1654e8b284de582831fc88e2d8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38449 – drm/gem: Acquire references on GEM handles for framebuffers
https://notcve.org/view.php?id=CVE-2025-38449
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer object, if any. [1] Trying to use the framebuffer in further mode-setting operations leads to a segmentation fault. Most easily happens with driver that use shadow planes for vmap-ing the dma-buf during a page flip. An example is sho... • https://git.kernel.org/stable/c/cb4c956a15f8b7f870649454771fc3761f504b5f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38448 – usb: gadget: u_serial: Fix race condition in TTY wakeup
https://notcve.org/view.php?id=CVE-2025-38448
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_r... • https://git.kernel.org/stable/c/35f95fd7f234d2b58803bab6f6ebd6bb988050a2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38446 – clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data
https://notcve.org/view.php?id=CVE-2025-38446
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register() occurs an out-of-bounds when accessing parent_names member. Use ARRAY_SIZE() instead of hardcode number here. BUG: KASAN: global-out-of-bounds in __clk_register+0x1844/0x20d8 Read of size 8 at addr ffff800086988e78 by task kworker/u24:3/59 Hardware name: NXP i.MX95 19X19 board (DT) Workqueue: events_unbound deferred_probe_work_func Call... • https://git.kernel.org/stable/c/5224b189462ff70df328f173b71acfd925092c3c •