CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38331 – net: ethernet: cortina: Use TOE/TSO on all TCP
https://notcve.org/view.php?id=CVE-2025-38331
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desireable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb->len to the "TOE/TSO" offloader and it will handle them. Without this quirk the driver becomes unstable and lock up and and crash. I do not know exactly why, but it is probably due to the TOE (TCP offload engine) feature that is coupled with the segmentation feature - it is not possible t... • https://git.kernel.org/stable/c/4d5ae32f5e1e13f7f36d6439ec3257993b9f5b88 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38330 – firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)
https://notcve.org/view.php?id=CVE-2025-38330
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets(). The code uses mock_coeff_template.length_bytes (4 bytes) for register value allocations. But later, this length is set to 8 bytes which causes test code failures. As fix, just remove the lenght override, keeping the original value 4 for all operations. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/9b33a4fc500cedc1adc9c0ee01e30ffd50e5887a •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38329 – firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)
https://notcve.org/view.php?id=CVE-2025-38329
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) KASAN reported out of bounds access - cs_dsp_mock_wmfw_add_info(), because the source string length was rounded up to the allocation size. In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) KASAN reported out of bounds access - cs_dsp_mock_wmfw_add_info(), because the source string le... • https://git.kernel.org/stable/c/5cf1b7b471803f7cc654a29ee16cb085ad69c097 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38328 – jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
https://notcve.org/view.php?id=CVE-2025-38328
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc_raw_node_refs() completed successfully. Subsequent logic implies that the node refs have been allocated. Handle that. The code is ready for propagating the error upwards. KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 5835 Comm: syz-execu... • https://git.kernel.org/stable/c/2f785402f39b96a077b6e62bf26164bfb8e0c980 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38327 – fgraph: Do not enable function_graph tracer when setting funcgraph-args
https://notcve.org/view.php?id=CVE-2025-38327
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable function_graph tracer when setting funcgraph-args When setting the funcgraph-args option when function graph tracer is net enabled, it incorrectly enables it. Worse, it unregisters itself when it was never registered. Then when it gets enabled again, it will register itself a second time causing a WARNing. ~# echo 1 > /sys/kernel/tracing/options/funcgraph-args ~# head -20 /sys/kernel/tracing/trace # tracer: nop # # ent... • https://git.kernel.org/stable/c/c7a60a733c373eed0094774c141bf2934237e7ff •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38326 – aoe: clean device rq_list in aoedev_downdev()
https://notcve.org/view.php?id=CVE-2025-38326
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue was not cleaned out when an aoe device is downed which caused blk_mq_freeze_queue() to sleep indefinitely waiting for those requests to complete, causing a hang. This fix cleans out the queue before calling blk... • https://git.kernel.org/stable/c/3582dd291788e9441c3ba9047e55089edb98da5c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38325 – ksmbd: add free_transport ops in ksmbd connection
https://notcve.org/view.php?id=CVE-2025-38325
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdirect. It will cause kernel oops. This patch add free_transport ops in ksmbd connection, and add each free_transports for tcp and smbdirect. In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdire... • https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38324 – mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
https://notcve.org/view.php?id=CVE-2025-38324
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). As syzbot reported [0], mpls_route_input_rcu() can be called from mpls_getroute(), where is under RTNL. net->mpls.platform_label is only updated under RTNL. Let's use rcu_dereference_rtnl() in mpls_route_input_rcu() to silence the splat. [0]: WARNING: suspicious RCU usage 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted ---------------------------- net/mpls/af_mpls.c:84 susp... • https://git.kernel.org/stable/c/0189197f441602acdca3f97750d392a895b778fd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38323 – net: atm: add lec_mutex
https://notcve.org/view.php?id=CVE-2025-38323
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() and lec_mcast_attach(). Following patch will use this mutex for /proc/net/atm/lec. BUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline] BUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 ne... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38322 – perf/x86/intel: Fix crash in icl_update_topdown_event()
https://notcve.org/view.php?id=CVE-2025-38322
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... ... • https://git.kernel.org/stable/c/f9bdf1f953392c9edd69a7f884f78c0390127029 •