CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38445 – md/raid1: Fix stack memory use after return in raid1_reshape
https://notcve.org/view.php?id=CVE-2025-38445
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1_reshape In the raid1_reshape function, newpool is allocated on the stack and assigned to conf->r1bio_pool. This results in conf->r1bio_pool.wait.head pointing to a stack address. Accessing this address later can lead to a kernel panic. Example access path: raid1_reshape() { // newpool is on the stack mempool_t newpool, oldpool; // initialize newpool.wait.head to stack address mempool_init... • https://git.kernel.org/stable/c/afeee514ce7f4cab605beedd03be71ebaf0c5fc8 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38444 – raid10: cleanup memleak at raid10_make_request
https://notcve.org/view.php?id=CVE-2025-38444
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: raid10: cleanup memleak at raid10_make_request If raid10_read_request or raid10_write_request registers a new request and the REQ_NOWAIT flag is set, the code does not free the malloc from the mempool. unreferenced object 0xffff8884802c3200 (size 192): comm "fio", pid 9197, jiffies 4298078271 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 88 41 02 00 00 00 00 00 .........A...... 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............. • https://git.kernel.org/stable/c/39db562b3fedb93978a7e42dd216b306740959f8 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38443 – nbd: fix uaf in nbd_genl_connect() error path
https://notcve.org/view.php?id=CVE-2025-38443
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path There is a use-after-free issue in nbd: block nbd6: Receive control failed (result -104) block nbd6: shutting down sockets ================================================================== BUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022 Write of size 4 at addr ffff8880295de478 by task kworker/u33:0/67 CPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0... • https://git.kernel.org/stable/c/6497ef8df568afbf5f3e38825a4590ff41611a54 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38441 – netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
https://notcve.org/view.php?id=CVE-2025-38441
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0... • https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38440 – net/mlx5e: Fix race between DIM disable and net_dim()
https://notcve.org/view.php?id=CVE-2025-38440
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it assumes `rq->dim` or `sq->dim` is valid. But if DIM gets disabled right after that check, the pointer might already be set to NULL, leading to a NULL pointer dereference in net_dim(). Fix this by calling `synchronize_net()` before freei... • https://git.kernel.org/stable/c/445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38439 – bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2025-38439
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOMMU enabled: WARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170 RIP: 0010:__iommu_dma_unmap+0x159/0x170 Code: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c ... • https://git.kernel.org/stable/c/f18c2b77b2e4eec2313d519ba125bd6a069513cf •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38438 – ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
https://notcve.org/view.php?id=CVE-2025-38438
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): __kmalloc_node_track_caller_noprof+0x49... • https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38437 – ksmbd: fix potential use-after-free in oplock/lease break ack
https://notcve.org/view.php?id=CVE-2025-38437
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice. • https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38436 – drm/scheduler: signal scheduled fence when kill job
https://notcve.org/view.php?id=CVE-2025-38436
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinite... • https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38434 – Revert "riscv: Define TASK_SIZE_MAX for __access_ok()"
https://notcve.org/view.php?id=CVE-2025-38434
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" This reverts commit ad5643cf2f69 ("riscv: Define TASK_SIZE_MAX for __access_ok()"). This commit changes TASK_SIZE_MAX to be LONG_MAX to optimize access_ok(), because the previous TASK_SIZE_MAX (default to TASK_SIZE) requires some computation. The reasoning was that all user addresses are less than LONG_MAX, and all kernel addresses are greater than LONG_MAX. Therefore access_ok() can fi... • https://git.kernel.org/stable/c/ad5643cf2f699989daa85d909403febd6712fccb •