
CVE-2025-38654 – pinctrl: canaan: k230: Fix order of DT parse and pinctrl register
https://notcve.org/view.php?id=CVE-2025-38654
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device tree parsing is done before calling devm_pinctrl_register() to prevent using uninitialized pin resources. • https://git.kernel.org/stable/c/545887eab6f6776a7477fe7e83860eab57138b03 •

CVE-2025-38653 – proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
https://notcve.org/view.php?id=CVE-2025-38653
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Checking pde->proc_ops->proc_lseek directly may cause UAF in the rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4ab ("proc: fix UAF in proc_get_inode()"). Following Al Viro's suggestion, fix it in the same manner. • https://git.kernel.org/stable/c/3f61631d47f115b83c935d0039f95cb68b0c8ab7 •

CVE-2025-38652 – f2fs: fix to avoid out-of-boundary access in devs.path
https://notcve.org/view.php?id=CVE-2025-38652
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touch /mnt/f2fs/file - truncate -s $((1024*1024*1024)) /mnt/f2fs/file - mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file - mount /mnt/f2fs/0123456789012345678901234567... • https://git.kernel.org/stable/c/3c62be17d4f562f43fe1d03b48194399caa35aa5 •

CVE-2025-38651 – landlock: Fix warning from KUnit tests
https://notcve.org/view.php?id=CVE-2025-38651
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: landlock: Fix warning from KUnit tests get_id_range() expects a positive value as first argument but get_random_u8() can return 0. Fix this by clamping it. Validated by running the test in a for loop for 1000 times. Note that MAX() is wrong as it is only supposed to be used for constants, but max() is good here. [..] ok 9 test_range2_rand1 [..] ok 10 test_range2_rand2 [..] ok 11 test_range2_rand15 [..] ------------[ cut here ]------------ [... • https://git.kernel.org/stable/c/d9d2a68ed44bbae598a81cb95e0746fa6b13b57f •

CVE-2025-38650 – hfsplus: remove mutex_lock check in hfsplus_free_extents
https://notcve.org/view.php?id=CVE-2025-38650
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x700/0xad0 Call Trace:

CVE-2025-38649 – arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight
https://notcve.org/view.php?id=CVE-2025-38649
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresight_find_activated_sysfs_sink function is recursively invoked in an attempt to locate an active sink device, ultimately leading to a stack overflow and system crash. Therefore, disable the replicator1 to break the infinite loop and prevent a potential st... • https://git.kernel.org/stable/c/bf469630552a3950d0370dd5fd1f9bf0145d09d5 •

CVE-2025-38648 – spi: stm32: Check for cfg availability in stm32_spi_probe
https://notcve.org/view.php?id=CVE-2025-38648
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning where a potential NULL pointer dereference could occur when accessing cfg->has_device_mode. Before accessing the 'has_device_mode' member, we verify that 'cfg' is not NULL. If 'cfg' is NULL, an error messag... • https://git.kernel.org/stable/c/fee681646fc831b154619ac0261afedcc7e671e7 •

CVE-2025-38647 – wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi
https://notcve.org/view.php?id=CVE-2025-38647
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU: 7 PID: 629 at drivers/net/wireless/realtek/rtw89/sar.c:502 rtw89_set_sar_from_acpi+0x365/0x4d0 [rtw89_core] CPU: 7 UID: 0 PID: 629 Comm: (udev-worker) Not tainted 6.15.0+ #29 PREEMPT(lazy) Hardware name: LENOV... • https://git.kernel.org/stable/c/88ca3107d2ce06448018e0571f7c0f1b40f57b55 •

CVE-2025-38646 – wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band
https://notcve.org/view.php?id=CVE-2025-38646
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the chip does not support 6 GHz band actually. Since SW won't initialize stuffs for unsupported bands, NULL dereference will happen then in the sequence, rtw89_vif_rx_stats_iter() -> rtw89_core_cancel_6ghz_probe_tx(). So, add a check to a... • https://git.kernel.org/stable/c/c6aa9a9c47252ac7b07ed6d10459027e2f2a2de0 •

CVE-2025-38645 – net/mlx5: Check device memory pointer before usage
https://notcve.org/view.php?id=CVE-2025-38645
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails. • https://git.kernel.org/stable/c/c9b9dcb430b3cd0ad2b04c360c4e528d73430481 •