CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38204 – jfs: fix array-index-out-of-bounds read in add_missing_indices
https://notcve.org/view.php?id=CVE-2025-38204
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but i... • https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38203 – jfs: Fix null-ptr-deref in jfs_ioc_trim
https://notcve.org/view.php?id=CVE-2025-38203
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f] CPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted 6.13.0-rc6-gfbfd64d25c7a-dirty #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Sched_ext: serialise (enabled+all), task: ru... • https://git.kernel.org/stable/c/0d50231d473f89024158dc62624930de45d13718 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38202 – bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
https://notcve.org/view.php?id=CVE-2025-38202
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check. In the L... • https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38201 – netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-38201
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX") In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is pos... • https://git.kernel.org/stable/c/0ab3de047808f375a36cd345225572eb3366f3c6 •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38200 – i40e: fix MMIO write access to an invalid page in i40e_clear_hw
https://notcve.org/view.php?id=CVE-2025-38200
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer und... • https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38199 – wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
https://notcve.org/view.php?id=CVE-2025-38199
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation rx_stats for each arsta is allocated when adding a station. arsta->rx_stats will be freed when a station is removed. Redundant allocations are occurring when the same station is added multiple times. This causes ath12k_mac_station_add() to be called multiple times, and rx_stats is allocated each time. As a result there is memory leaks. Prevent multiple allocations of rx_stats... • https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38198 – fbcon: Make sure modelist not set on unregistered console
https://notcve.org/view.php?id=CVE-2025-38198
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_m... • https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38197 – platform/x86: dell_rbu: Fix list usage
https://notcve.org/view.php?id=CVE-2025-38197
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorrectly (because it starts at the wrong packet), and clearing the packet list will result in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the ... • https://git.kernel.org/stable/c/d19f359fbdc6b5d49e9b9a0db27a996b28a2ded3 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38194 – jffs2: check that raw node were preallocated before writing summary
https://notcve.org/view.php?id=CVE-2025-38194
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn't check return value of jffs2_prealloc_raw_node_refs and simply lets any error propagate into jffs2_sum_write_data, which eventually calls jffs2_link_node_ref in order to link the summary to an expectedly allocated node. kernel BUG... • https://git.kernel.org/stable/c/2f785402f39b96a077b6e62bf26164bfb8e0c980 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38193 – net_sched: sch_sfq: reject invalid perturb period
https://notcve.org/view.php?id=CVE-2025-38193
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to make sure ctl->perturb_period * HZ will not overflow and is positive. tc qd add dev lo root sfq perturb -10 # negative value : error Error: sch_sfq: invalid perturb period. tc qd add dev lo root sfq perturb 1000000000 # too big : error Er... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •