CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38583 – clk: xilinx: vcu: unregister pll_post only if registered correctly
https://notcve.org/view.php?id=CVE-2025-38583
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle kernel NULL pointer dereference at virtual address 008 pc : clk_hw_unregister+0xc/0x20 lr : clk_hw_unregister_fixed_factor+0x18/0x30 sp : ffff800011923850 ... Call trace: clk_hw_unregister+0xc/0x20 clk_hw_unregister_fixed_factor+0x18/... • https://git.kernel.org/stable/c/4472e1849db7f719bbf625890096e0269b5849fe •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38582 – RDMA/hns: Fix double destruction of rsv_qp
https://notcve.org/view.php?id=CVE-2025-38582
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). list_del corruption, ffff589732eb9b50->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240 ... Call trace: __list_del_entry_valid+0x148/0x240 hns_roce_qp_remove... • https://git.kernel.org/stable/c/fd8489294dd2beefb70f12ec4f6132aeec61a4d0 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38581 – crypto: ccp - Fix crash when rebind ccp device for ccp.ko
https://notcve.org/view.php?id=CVE-2025-38581
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind [ 204.976930] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 204.978026] #PF: supervisor write access in kernel mode [ 204.979126] #PF: error_code(0x0002) - ... • https://git.kernel.org/stable/c/3cdbe346ed3f380eae1cb3e9febfe703e7d8a7b0 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38579 – f2fs: fix KMSAN uninit-value in extent_info usage
https://notcve.org/view.php?id=CVE-2025-38579
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during ext... • https://git.kernel.org/stable/c/94afd6d6e5253179c9b891d02081cc8355a11768 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38578 – f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
https://notcve.org/view.php?id=CVE-2025-38578
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkalle... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38577 – f2fs: fix to avoid panic in f2fs_evict_inode
https://notcve.org/view.php?id=CVE-2025-38577
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d96227... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38576 – powerpc/eeh: Make EEH driver device hotplug safe
https://notcve.org/view.php?id=CVE-2025-38576
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature:
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38574 – pptp: ensure minimal skb length in pptp_xmit()
https://notcve.org/view.php?id=CVE-2025-38574
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot. BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [i... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38572 – ipv6: reject malicious packets in ipv6_gso_segment()
https://notcve.org/view.php?id=CVE-2025-38572
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_transport_header_careful() helper and use it from ipv6_gso_segment() WARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline] WARNING: CPU: 0 PID: 5871 ... • https://git.kernel.org/stable/c/d1da932ed4ecad2a14cbcc01ed589d617d0f0f09 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38571 – sunrpc: fix client side handling of tls alerts
https://notcve.org/view.php?id=CVE-2025-38571
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it w... • https://git.kernel.org/stable/c/dea034b963c8901bdcc3d3880c04f0d75c95112f •