CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38328 – jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
https://notcve.org/view.php?id=CVE-2025-38328
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc_raw_node_refs() completed successfully. Subsequent logic implies that the node refs have been allocated. Handle that. The code is ready for propagating the error upwards. KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 5835 Comm: syz-execu... • https://git.kernel.org/stable/c/2f785402f39b96a077b6e62bf26164bfb8e0c980 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38326 – aoe: clean device rq_list in aoedev_downdev()
https://notcve.org/view.php?id=CVE-2025-38326
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue was not cleaned out when an aoe device is downed which caused blk_mq_freeze_queue() to sleep indefinitely waiting for those requests to complete, causing a hang. This fix cleans out the queue before calling blk... • https://git.kernel.org/stable/c/3582dd291788e9441c3ba9047e55089edb98da5c •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38325 – ksmbd: add free_transport ops in ksmbd connection
https://notcve.org/view.php?id=CVE-2025-38325
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdirect. It will cause kernel oops. This patch add free_transport ops in ksmbd connection, and add each free_transports for tcp and smbdirect. In the Linux kernel, the following vulnerability has been resolved: ksmbd: add free_transport ops in ksmbd connection free_transport function for tcp connection can be called from smbdire... • https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38324 – mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
https://notcve.org/view.php?id=CVE-2025-38324
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). As syzbot reported [0], mpls_route_input_rcu() can be called from mpls_getroute(), where is under RTNL. net->mpls.platform_label is only updated under RTNL. Let's use rcu_dereference_rtnl() in mpls_route_input_rcu() to silence the splat. [0]: WARNING: suspicious RCU usage 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted ---------------------------- net/mpls/af_mpls.c:84 susp... • https://git.kernel.org/stable/c/0189197f441602acdca3f97750d392a895b778fd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38323 – net: atm: add lec_mutex
https://notcve.org/view.php?id=CVE-2025-38323
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() and lec_mcast_attach(). Following patch will use this mutex for /proc/net/atm/lec. BUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline] BUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 ne... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38322 – perf/x86/intel: Fix crash in icl_update_topdown_event()
https://notcve.org/view.php?id=CVE-2025-38322
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... ... • https://git.kernel.org/stable/c/f9bdf1f953392c9edd69a7f884f78c0390127029 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38321 – smb: Log an error when close_all_cached_dirs fails
https://notcve.org/view.php?id=CVE-2025-38321
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move the dentries to a separate list to dput() them once the locks are dropped. This will result in a "Dentry still in use" error, so add an error message that makes it clear this is what happened: [ 495.281119] CIFS: VFS: \\otters.example.com\share Out of memory while dropping dentries [ 495.281595] ------------[ cut here ]--------... • https://git.kernel.org/stable/c/b8ced2b9a23a1a2c1e0ed8d0d02512e51bdf38da •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38320 – arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
https://notcve.org/view.php?id=CVE-2025-38320
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() KASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth(). Call Trace: [ 97.283505] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth+0xa8/0xc8 [ 97.284677] Read of size 8 at addr ffff800089277c10 by task 1.sh/2550 [ 97.285732] [ 97.286067] CPU: 7 PID: 2550 Comm: 1.sh Not tainted 6.6.0+ #11 [ 97.287032] Hardware name: linux,dummy-virt (DT) [ 9... • https://git.kernel.org/stable/c/0a8ea52c3eb157dd65e224fc95b7c9c99fcba9f7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38319 – drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
https://notcve.org/view.php?id=CVE-2025-38319
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve vram_info, it returns NULL which is later dereferenced. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL p... • https://git.kernel.org/stable/c/b3892e2bb519fe18225d0628f0dd255761f16502 •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38318 – perf: arm-ni: Fix missing platform_set_drvdata()
https://notcve.org/view.php?id=CVE-2025-38318
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. • https://git.kernel.org/stable/c/4d5a7680f2b4d0c2955e1d9f9a594b050d637436 •