CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38151 – RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
https://notcve.org/view.php?id=CVE-2025-38151
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous call had not yet started. The work item was re-initialized in the second call, which corrupted the work item currently in the work queue. However, it left a problem when queue_work fails (because the item is still pending in the work queue from a previous ca... • https://git.kernel.org/stable/c/51003b2c872c63d28bcf5fbcc52cf7b05615f7b7 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38149 – net: phy: clear phydev->devlink when the link is deleted
https://notcve.org/view.php?id=CVE-2025-38149
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls device_link_del() to remove the device link, but it does not clear phydev->devlink, so phydev->devlink is not a NULL pointer. Then the network port is re-enabled, but if phy_attach_direct() fails before calling device_link_add(), the code jumps to the "... • https://git.kernel.org/stable/c/bc66fa87d4fda9053a8145e5718fc278c2b88253 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38148 – net: phy: mscc: Fix memory leak when using one step timestamping
https://notcve.org/view.php?id=CVE-2025-38148
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is no reason to keep the skb anymore. As in this case the HW will never generate an interrupt to say that the frame was timestamped, then the frame will never released. Fix this by freeing the frame in case of one-step... • https://git.kernel.org/stable/c/7d272e63e0979d38a6256108adbe462d621c26c5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38147 – calipso: Don't call calipso functions for AF_INET sk.
https://notcve.org/view.php?id=CVE-2025-38147
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pinet6 is always set in inet6_create(), meaning the socket was not IPv6 one. The root cause is missing validation in netlbl_conn_setattr(). netlbl_conn_setattr() switche... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38146 – net: openvswitch: Fix the dead loop of MPLS parse
https://notcve.org/view.php?id=CVE-2025-38146
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuck finally. stack backtrace: UBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26 index -1 is out of range for type '__be32 [3]' CPU: 34 PID: 0 Comm: swapper/34 Kdump: loa... • https://git.kernel.org/stable/c/fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38145 – soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
https://notcve.org/view.php?id=CVE-2025-38145
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. [arj: Fix Fixes: tag to use subject from 3772e5da4454] • https://git.kernel.org/stable/c/3772e5da445420543b25825ac2b5971f3743f6e8 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38143 – backlight: pm8941: Add NULL check in wled_configure()
https://notcve.org/view.php?id=CVE-2025-38143
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/f86b77583d88c8402e8d89a339d96f847318f8a8 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38142 – hwmon: (asus-ec-sensors) check sensor index in read_string()
https://notcve.org/view.php?id=CVE-2025-38142
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined behavior when passed to get_sensor_info(). Add a proper check to return -EINVAL if sensor_index is negative. Found by Linux Verification Center (linuxtesting.org)... • https://git.kernel.org/stable/c/d0ddfd241e5719d696bc0b081e260db69d368668 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38141 – dm: fix dm_blk_report_zones
https://notcve.org/view.php?id=CVE-2025-38141
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulat... • https://git.kernel.org/stable/c/f211268ed1f9bdf48f06a3ead5f5d88437450579 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38140 – dm: limit swapping tables for devices with zone write plugs
https://notcve.org/view.php?id=CVE-2025-38140
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dm_revalidate_zones() only allowed new or previously unzoned devices to call blk_revalidate_disk_zones(). If the device was already zoned, disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones() returned without doing any work. This would make the zoned settings for the device not match the new table. If the device had zone write plug resources, it could run into e... • https://git.kernel.org/stable/c/bb37d77239af25cde59693dbe3fac04dd17d7b29 •