CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38384 – mtd: spinand: fix memory leak of ECC engine conf
https://notcve.org/view.php?id=CVE-2025-38384
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace (crc 0): kmemleak_alloc+0x30/0x40 __kmalloc_cache_noprof+0x208/0x3c0 spinand_ondie_ecc_init_ctx+0x114... • https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38377 – rose: fix dangling neighbour pointers in rose_rt_device_down()
https://notcve.org/view.php?id=CVE-2025-38377
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rose_rt_device_down() There are two bugs in rose_rt_device_down() that can cause use-after-free: 1. The loop bound `t->count` is modified within the loop, which can cause the loop to terminate early and miss some entries. 2. When removing an entry from the neighbour array, the subsequent entries are moved up to fill the gap, but the loop index `i` is still incremented, causing the next entry to be sk... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38369 – dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
https://notcve.org/view.php?id=CVE-2025-38369
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated. This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point. In this case, when the user driver d... • https://git.kernel.org/stable/c/e0051a3daa8b2cb318b03b2f9317c3e40855847a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38368 – misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()
https://notcve.org/view.php?id=CVE-2025-38368
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool. • https://git.kernel.org/stable/c/a8d1b4f219e8833130927f19d1c8bfbf49215ce4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38361 – drm/amd/display: Check dce_hwseq before dereferencing it
https://notcve.org/view.php?id=CVE-2025-38361
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. (cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad) • https://git.kernel.org/stable/c/e881b82f5d3d8d54d168cd276169f0fee01bf0e7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38360 – drm/amd/display: Add more checks for DSC / HUBP ONO guarantees
https://notcve.org/view.php?id=CVE-2025-38360
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees [WHY] For non-zero DSC instances it's possible that the HUBP domain required to drive it for sequential ONO ASICs isn't met, potentially causing the logic to the tile to enter an undefined state leading to a system hang. [HOW] Add more checks to ensure that the HUBP domain matching the DSC instance is appropriately powered. (cherry picked from commit da63df07112e5a9857a8d2aaa042... • https://git.kernel.org/stable/c/646442758910d13f9afc57f38bc0a537c3575390 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38359 – s390/mm: Fix in_atomic() handling in do_secure_storage_access()
https://notcve.org/view.php?id=CVE-2025-38359
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix in_atomic() handling in do_secure_storage_access() Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be seen: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39 preempt_count: 1, expected: 0 RCU nest d... • https://git.kernel.org/stable/c/d2e317dfd2d1fe416c77315d17c5d57dbe374915 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38353 – drm/xe: Fix taking invalid lock on wedge
https://notcve.org/view.php?id=CVE-2025-38353
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix taking invalid lock on wedge If device wedges on e.g. GuC upload, the submission is not yet enabled and the state is not even initialized. Protect the wedge call so it does nothing in this case. It fixes the following splat: [] xe 0000:bf:00.0: [drm] device wedged, needs recovery [] ------------[ cut here ]------------ [] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_... • https://git.kernel.org/stable/c/a6d81b2d7037ef36163ad16459ed3fd17cb1b596 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38348 – wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
https://notcve.org/view.php?id=CVE-2025-38348
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eeprom_readback message with a large |eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the |message beyond the end of priv->eeprom. | |static void p54_rx_eeprom_readback(struct p54_common *priv, | struct sk_buff *skb) |{ | struct p54_hdr *hdr = (struct p... • https://git.kernel.org/stable/c/7cb770729ba895f73253dfcd46c3fcba45d896f9 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38345 – ACPICA: fix acpi operand cache leak in dswstate.c
https://notcve.org/view.php?id=CVE-2025-38345
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is ... • https://git.kernel.org/stable/c/4fa430a8bca708c7776f6b9d001257f48b19a5b7 •