CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38583 – clk: xilinx: vcu: unregister pll_post only if registered correctly
https://notcve.org/view.php?id=CVE-2025-38583
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle kernel NULL pointer dereference at virtual address 008 pc : clk_hw_unregister+0xc/0x20 lr : clk_hw_unregister_fixed_factor+0x18/0x30 sp : ffff800011923850 ... Call trace: clk_hw_unregister+0xc/0x20 clk_hw_unregister_fixed_factor+0x18/... • https://git.kernel.org/stable/c/4472e1849db7f719bbf625890096e0269b5849fe •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38582 – RDMA/hns: Fix double destruction of rsv_qp
https://notcve.org/view.php?id=CVE-2025-38582
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). list_del corruption, ffff589732eb9b50->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240 ... Call trace: __list_del_entry_valid+0x148/0x240 hns_roce_qp_remove... • https://git.kernel.org/stable/c/fd8489294dd2beefb70f12ec4f6132aeec61a4d0 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38581 – crypto: ccp - Fix crash when rebind ccp device for ccp.ko
https://notcve.org/view.php?id=CVE-2025-38581
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind [ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 204.978026] #PF: supervisor write access in kernel mode [ 204.979126] #PF: error_code(0x0002) - ... • https://git.kernel.org/stable/c/3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38579 – f2fs: fix KMSAN uninit-value in extent_info usage
https://notcve.org/view.php?id=CVE-2025-38579
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during ext... • https://git.kernel.org/stable/c/94afd6d6e5253179c9b891d02081cc8355a11768 •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38578 – f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
https://notcve.org/view.php?id=CVE-2025-38578
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkalle... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38577 – f2fs: fix to avoid panic in f2fs_evict_inode
https://notcve.org/view.php?id=CVE-2025-38577
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d96227... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38576 – powerpc/eeh: Make EEH driver device hotplug safe
https://notcve.org/view.php?id=CVE-2025-38576
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38574 – pptp: ensure minimal skb length in pptp_xmit()
https://notcve.org/view.php?id=CVE-2025-38574
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot. BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [i... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38573 – spi: cs42l43: Property entry should be a null-terminated array
https://notcve.org/view.php?id=CVE-2025-38573
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory. In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-te... • https://git.kernel.org/stable/c/0ca645ab5b1528666f6662a0e620140355b5aea3 •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38572 – ipv6: reject malicious packets in ipv6_gso_segment()
https://notcve.org/view.php?id=CVE-2025-38572
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_transport_header_careful() helper and use it from ipv6_gso_segment() WARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline] WARNING: CPU: 0 PID: 5871 ... • https://git.kernel.org/stable/c/d1da932ed4ecad2a14cbcc01ed589d617d0f0f09 •