
CVE-2025-38634 – power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
https://notcve.org/view.php?id=CVE-2025-38634
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent potential null pointer dereferences, Added a null check. In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, t... • https://git.kernel.org/stable/c/eab4e6d953c1059a30ac0f15826abc7dd2374d3c •

CVE-2025-38630 – fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
https://notcve.org/view.php?id=CVE-2025-38630
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_... • https://git.kernel.org/stable/c/1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c •

CVE-2025-38627 – f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
https://notcve.org/view.php?id=CVE-2025-38627
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not been executed yet due to high workloads, It is possible that the inode(f2fs_inode_info) is evicted and freed before it is used f2fs_free_dic. The UAF case as below: Thread A Thread B - f2fs_decompress_end_io - ... • https://git.kernel.org/stable/c/bff139b49d9f70c1ac5384aac94554846aa834de •

CVE-2025-38626 – f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
https://notcve.org/view.php?id=CVE-2025-38626
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:

CVE-2025-38624 – PCI: pnv_php: Clean up allocated IRQs on unplug
https://notcve.org/view.php?id=CVE-2025-38624
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices(). Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only... • https://git.kernel.org/stable/c/398170b7fd0e0db2f8096df5206c75e5ff41415a •

CVE-2025-38623 – PCI: pnv_php: Fix surprise plug detection and recovery
https://notcve.org/view.php?id=CVE-2025-38623
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from ... • https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b •

CVE-2025-38622 – net: drop UFO packets in udp_rcv_segment()
https://notcve.org/view.php?id=CVE-2025-38622
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:4572! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary) Hardware name: QEMU Standard ... • https://git.kernel.org/stable/c/cf329aa42b6659204fee865bbce0ea20462552eb •

CVE-2025-38618 – vsock: Do not allow binding to VMADDR_PORT_ANY
https://notcve.org/view.php?id=CVE-2025-38618
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify ... • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •

CVE-2025-38617 – net/packet: fix a race in packet_set_ring() and packet_notifier()
https://notcve.org/view.php?id=CVE-2025-38617
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2025-38616 – tls: handle data disappearing from under the TLS ULP
https://notcve.org/view.php?id=CVE-2025-38616
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was installed, or uses some non-standard read API (eg. zerocopy ones). Replace the WARN_ON() and a buggy early exit (which leaves anchor pointing to a freed skb) with real error handling. Wipe the parsing state and tell the reader to retry... • https://git.kernel.org/stable/c/84c61fe1a75b4255df1e1e7c054c9e6d048da417 •