CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38060 – bpf: copy_verifier_state() should copy 'loop_entry' field
https://notcve.org/view.php?id=CVE-2025-38060
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state(). Otherwise, .loop_entry values from unrelated states would poison env->cur_state. Additionally, env->stack should not contain any states with .loop_entry != NULL. The states in env->stack are yet to be verified, while .loop_entry is set for states that reached an equivalent state. This means that env->c... • https://git.kernel.org/stable/c/46ba5757a7a4714e7d3f68cfe118208822cb3d78 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38059 – btrfs: avoid NULL pointer dereference if no valid csum tree
https://notcve.org/view.php?id=CVE-2025-38059
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full) Hardware name: QEMU S... • https://git.kernel.org/stable/c/50d0de59f66cbe6d597481e099bf1c70fd07e0a9 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38058 – __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
https://notcve.org/view.php?id=CVE-2025-38058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is ... • https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-38051 – smb: client: Fix use-after-free in cifs_fill_dirent
https://notcve.org/view.php?id=CVE-2025-38051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm:... • https://git.kernel.org/stable/c/a364bc0b37f14ffd66c1f982af42990a9d77fa43 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38048 – virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
https://notcve.org/view.php?id=CVE-2025-38048
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/vir... • https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38047 – x86/fred: Fix system hang during S4 resume with FRED enabled
https://notcve.org/view.php?id=CVE-2025-38047
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "... • https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38046 – xen: Add support for XenServer 6.1 platform device
https://notcve.org/view.php?id=CVE-2025-38046
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: Add support for XenServer 6.1 platform device On XenServer on Windows machine a platform device with ID 2 instead of 1 is used. This device is mainly identical to device 1 but due to some Windows update behaviour it was decided to use a device with a different ID. This causes compatibility issues with Linux which expects, if Xen is detected, to find a Xen platform device (5853:0001) otherwise code will crash due to some missing initial... • https://git.kernel.org/stable/c/baedd1ef924d2b04d6223e0e1633e2d84fee6763 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38045 – wifi: iwlwifi: fix debug actions order
https://notcve.org/view.php?id=CVE-2025-38045
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. • https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38044 – media: cx231xx: set device_caps for 417
https://notcve.org/view.php?id=CVE-2025-38044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get a WARN_ON instead). Not seen before since currently 417 support is disabled, but I found this while experimenting with it. • https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38043 – firmware: arm_ffa: Set dma_mask for ffa devices
https://notcve.org/view.php?id=CVE-2025-38043
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124 • https://git.kernel.org/stable/c/97bab02f0b64ba6bcdf6a8fae561db07f509aee9 •