CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38586 – bpf, arm64: Fix fp initialization for exception boundary
https://notcve.org/view.php?id=CVE-2025-38586
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not called because for a program acting as exception boundary, all callee saved registers are saved. find_used_callee_regs() sets `ctx->fp_used = true;` when it sees FP being used in any of the instructions. For programs acting as exception boundary, ctx->fp_used remains false ... • https://git.kernel.org/stable/c/5d4fa9ec5643a5c75d3c1e6abf50fb9284caf1ff •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38585 – staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
https://notcve.org/view.php?id=CVE-2025-38585
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow: 1. gmin_get_config_var() does not return the proper error code when efi.get_variable() fails. It returns the stale 'ret' value from earlier operations instead of indicating the EFI failure. 2. When ef... • https://git.kernel.org/stable/c/38d4f74bc14847491d07bd745dc4a2c274f4987d •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38584 – padata: Fix pd UAF once and for all
https://notcve.org/view.php?id=CVE-2025-38584
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. A reference count is taken at the start of the process in padata_do_parallel, and released at the end in padata_serial_worker. This reference count is (and only is) required for padata_replace to function correctly. If padata_replace is never called then there is no issue. In the function padata_reorder which serves as t... • https://git.kernel.org/stable/c/16295bec6398a3eedc9377e1af6ff4c71b98c300 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38583 – clk: xilinx: vcu: unregister pll_post only if registered correctly
https://notcve.org/view.php?id=CVE-2025-38583
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle kernel NULL pointer dereference at virtual address 008 pc : clk_hw_unregister+0xc/0x20 lr : clk_hw_unregister_fixed_factor+0x18/0x30 sp : ffff800011923850 ... Call trace: clk_hw_unregister+0xc/0x20 clk_hw_unregister_fixed_factor+0x18/... • https://git.kernel.org/stable/c/4472e1849db7f719bbf625890096e0269b5849fe •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38582 – RDMA/hns: Fix double destruction of rsv_qp
https://notcve.org/view.php?id=CVE-2025-38582
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). list_del corruption, ffff589732eb9b50->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240 ... Call trace: __list_del_entry_valid+0x148/0x240 hns_roce_qp_remove... • https://git.kernel.org/stable/c/fd8489294dd2beefb70f12ec4f6132aeec61a4d0 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38581 – crypto: ccp - Fix crash when rebind ccp device for ccp.ko
https://notcve.org/view.php?id=CVE-2025-38581
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind [ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 204.978026] #PF: supervisor write access in kernel mode [ 204.979126] #PF: error_code(0x0002) - ... • https://git.kernel.org/stable/c/3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38579 – f2fs: fix KMSAN uninit-value in extent_info usage
https://notcve.org/view.php?id=CVE-2025-38579
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during ext... • https://git.kernel.org/stable/c/94afd6d6e5253179c9b891d02081cc8355a11768 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38578 – f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
https://notcve.org/view.php?id=CVE-2025-38578
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkalle... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38577 – f2fs: fix to avoid panic in f2fs_evict_inode
https://notcve.org/view.php?id=CVE-2025-38577
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d96227... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38576 – powerpc/eeh: Make EEH driver device hotplug safe
https://notcve.org/view.php?id=CVE-2025-38576
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: