CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38061 – net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
https://notcve.org/view.php?id=CVE-2025-38061
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer). • https://git.kernel.org/stable/c/a3d89f1cfe1e6d4bb164db2595511fd33db21900 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38060 – bpf: copy_verifier_state() should copy 'loop_entry' field
https://notcve.org/view.php?id=CVE-2025-38060
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state(). Otherwise, .loop_entry values from unrelated states would poison env->cur_state. Additionally, env->stack should not contain any states with .loop_entry != NULL. The states in env->stack are yet to be verified, while .loop_entry is set for states that reached an equivalent state. This means that env->c... • https://git.kernel.org/stable/c/46ba5757a7a4714e7d3f68cfe118208822cb3d78 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38059 – btrfs: avoid NULL pointer dereference if no valid csum tree
https://notcve.org/view.php?id=CVE-2025-38059
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full) Hardware name: QEMU S... • https://git.kernel.org/stable/c/50d0de59f66cbe6d597481e099bf1c70fd07e0a9 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38058 – __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
https://notcve.org/view.php?id=CVE-2025-38058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is ... • https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38057 – espintcp: fix skb leaks
https://notcve.org/view.php?id=CVE-2025-38057
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb. • https://git.kernel.org/stable/c/e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38052 – net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
https://notcve.org/view.php?id=CVE-2025-38052
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25 Call Trace: kasan_report+0xd9/0x110 mm/kasan/report.c:601 tipc_aead_encrypt_done+0x4bd/0... • https://git.kernel.org/stable/c/fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2025-38051 – smb: client: Fix use-after-free in cifs_fill_dirent
https://notcve.org/view.php?id=CVE-2025-38051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm:... • https://git.kernel.org/stable/c/a364bc0b37f14ffd66c1f982af42990a9d77fa43 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38048 – virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
https://notcve.org/view.php?id=CVE-2025-38048
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/vir... • https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38047 – x86/fred: Fix system hang during S4 resume with FRED enabled
https://notcve.org/view.php?id=CVE-2025-38047
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "... • https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38046 – xen: Add support for XenServer 6.1 platform device
https://notcve.org/view.php?id=CVE-2025-38046
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: xen: Add support for XenServer 6.1 platform device On XenServer on Windows machine a platform device with ID 2 instead of 1 is used. This device is mainly identical to device 1 but due to some Windows update behaviour it was decided to use a device with a different ID. This causes compatibility issues with Linux which expects, if Xen is detected, to find a Xen platform device (5853:0001) otherwise code will crash due to some missing initial... • https://git.kernel.org/stable/c/baedd1ef924d2b04d6223e0e1633e2d84fee6763 •