CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38639 – netfilter: xt_nfacct: don't assume acct name is null-terminated
https://notcve.org/view.php?id=CVE-2025-38639
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but ... • https://git.kernel.org/stable/c/ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-38636 – rv: Use strings in da monitors tracepoints
https://notcve.org/view.php?id=CVE-2025-38636
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in do_trace_event_raw_event_event_da_monitor+0xd6/0x1a0 Read of size 32 at addr ffffffffaada8980 by task ... Call Trace:
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38635 – clk: davinci: Add NULL check in davinci_lpsc_clk_register()
https://notcve.org/view.php?id=CVE-2025-38635
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue and ensuring no resources are left allocated. In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davi... • https://git.kernel.org/stable/c/c6ed4d734bc7f731709dab0ffd69eed499dd5277 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38634 – power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
https://notcve.org/view.php?id=CVE-2025-38634
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent potential null pointer dereferences, Added a null check. In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, t... • https://git.kernel.org/stable/c/eab4e6d953c1059a30ac0f15826abc7dd2374d3c •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38632 – pinmux: fix race causing mux_owner NULL with active mux_usecount
https://notcve.org/view.php?id=CVE-2025-38632
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing mux_owner NULL with active mux_usecount commit 5a3e85c3c397 ("pinmux: Use sequential access to access desc->pinmux data") tried to address the issue when two client of the same gpio calls pinctrl_select_state() for the same functionality, was resulting in NULL pointer issue while accessing desc->mux_owner. However, issue was not completely fixed due to the way it was handled and it can still result in the same NULL ... • https://git.kernel.org/stable/c/2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-38631 – clk: imx95-blk-ctl: Fix synchronous abort
https://notcve.org/view.php?id=CVE-2025-38631
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fix synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash is thrown: error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP Workqueue: events_unbound deferred_probe_work_func pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : clk_mux_get_parent+0x60/0x90 lr : clk_core_reparent_orphans_nolock+0x58/0xd8 Call trace: clk_mux_get_... • https://git.kernel.org/stable/c/5224b189462ff70df328f173b71acfd925092c3c •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38630 – fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
https://notcve.org/view.php?id=CVE-2025-38630
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_... • https://git.kernel.org/stable/c/1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c •
CVSS: 6.6EPSS: %CPEs: 4EXPL: 0CVE-2025-38628 – vdpa/mlx5: Fix release of uninitialized resources on error path
https://notcve.org/view.php?id=CVE-2025-38628
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in mlx5_vdpa_dev_add(), even in the cleanup path of mlx5_vdpa_dev_add(). This means that all functions from mlx5_vdpa_free() should be able to handle uninitialized resources. This was not the case though: mlx5_vdpa_destroy_mr_resources() and mlx5_cmd... • https://git.kernel.org/stable/c/83e445e64f48bdae3f25013e788fcf592f142576 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-38627 – f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
https://notcve.org/view.php?id=CVE-2025-38627
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not been executed yet due to high workloads, It is possible that the inode(f2fs_inode_info) is evicted and freed before it is used f2fs_free_dic. The UAF case as below: Thread A Thread B - f2fs_decompress_end_io - ... • https://git.kernel.org/stable/c/bff139b49d9f70c1ac5384aac94554846aa834de •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38626 – f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
https://notcve.org/view.php?id=CVE-2025-38626
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace: