CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38323 – net: atm: add lec_mutex
https://notcve.org/view.php?id=CVE-2025-38323
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() and lec_mcast_attach(). Following patch will use this mutex for /proc/net/atm/lec. BUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline] BUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 ne... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38322 – perf/x86/intel: Fix crash in icl_update_topdown_event()
https://notcve.org/view.php?id=CVE-2025-38322
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... ... • https://git.kernel.org/stable/c/f9bdf1f953392c9edd69a7f884f78c0390127029 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38321 – smb: Log an error when close_all_cached_dirs fails
https://notcve.org/view.php?id=CVE-2025-38321
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move the dentries to a separate list to dput() them once the locks are dropped. This will result in a "Dentry still in use" error, so add an error message that makes it clear this is what happened: [ 495.281119] CIFS: VFS: \\otters.example.com\share Out of memory while dropping dentries [ 495.281595] ------------[ cut here ]--------... • https://git.kernel.org/stable/c/b8ced2b9a23a1a2c1e0ed8d0d02512e51bdf38da •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38320 – arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
https://notcve.org/view.php?id=CVE-2025-38320
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() KASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth(). Call Trace: [ 97.283505] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth+0xa8/0xc8 [ 97.284677] Read of size 8 at addr ffff800089277c10 by task 1.sh/2550 [ 97.285732] [ 97.286067] CPU: 7 PID: 2550 Comm: 1.sh Not tainted 6.6.0+ #11 [ 97.287032] Hardware name: linux,dummy-virt (DT) [ 9... • https://git.kernel.org/stable/c/0a8ea52c3eb157dd65e224fc95b7c9c99fcba9f7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38319 – drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
https://notcve.org/view.php?id=CVE-2025-38319
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve vram_info, it returns NULL which is later dereferenced. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL p... • https://git.kernel.org/stable/c/b3892e2bb519fe18225d0628f0dd255761f16502 •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38318 – perf: arm-ni: Fix missing platform_set_drvdata()
https://notcve.org/view.php?id=CVE-2025-38318
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. • https://git.kernel.org/stable/c/4d5a7680f2b4d0c2955e1d9f9a594b050d637436 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38317 – wifi: ath12k: Fix buffer overflow in debugfs
https://notcve.org/view.php?id=CVE-2025-38317
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users. In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users... • https://git.kernel.org/stable/c/3f73c24f28b317f22df7870c25ff82f1d625c6c2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38315 – Bluetooth: btintel: Check dsbr size from EFI variable
https://notcve.org/view.php?id=CVE-2025-38315
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also fail. This fixes a stack buffer overflow when the EFI variable is larger than struct btintel_dsbr. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI v... • https://git.kernel.org/stable/c/eb9e749c0182affafadfbe5ded4503c4b5a9b57c •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38313 – bus: fsl-mc: fix double-free on mc_dev
https://notcve.org/view.php?id=CVE-2025-38313
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed. This commit introduces back the following checkpatch warning which is ... • https://git.kernel.org/stable/c/a042fbed02904493ae6df26ec836045f5a7d3ce2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38312 – fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
https://notcve.org/view.php?id=CVE-2025-38312
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow... Found by Linux Verification Center (linuxtesting.org) with the S... • https://git.kernel.org/stable/c/96fe6a2109db29cd15b90a093c16e6cb4b19371a •