CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38428 – Input: ims-pcu - check record size in ims_pcu_flash_firmware()
https://notcve.org/view.php?id=CVE-2025-38428
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);" • https://git.kernel.org/stable/c/628329d52474323938a03826941e166bc7c8eff4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38425 – i2c: tegra: check msg length in SMBUS block read
https://notcve.org/view.php?id=CVE-2025-38425
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes. • https://git.kernel.org/stable/c/c39d1a9ae4ad66afcecab124d7789722bfe909fa •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38424 – perf: Fix sample vs do_exit()
https://notcve.org/view.php?id=CVE-2025-38424
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address space it is trying to access. It turns out that we stop perf after we tear down the userspace mm; a receipie for disaster... • https://git.kernel.org/stable/c/c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38420 – wifi: carl9170: do not ping device which has failed to load firmware
https://notcve.org/view.php?id=CVE-2025-38420
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] ht... • https://git.kernel.org/stable/c/e4a668c59080f862af3ecc28b359533027cbe434 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38415 – Squashfs: check return result of sb_min_blocksize
https://notcve.org/view.php?id=CVE-2025-38415
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000). Now if this ioctl occurs at the same time another process is in the process of mounting a Squashfs filesystem on /dev/loop0, the failure occurs. When this happens the following ... • https://git.kernel.org/stable/c/0aa666190509ffab81c202c5095a166be23961ac •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38406 – wifi: ath6kl: remove WARN on bad firmware input
https://notcve.org/view.php?id=CVE-2025-38406
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, print the sizes too. • https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38403 – vsock/vmci: Clear the vmci transport packet properly when initializing it
https://notcve.org/view.php?id=CVE-2025-38403
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure. • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38399 – scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
https://notcve.org/view.php?id=CVE-2025-38399
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be NULL. This can lead to a NULL pointer dereference if dest_se_deve remains unset. SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg Unable to handle kernel paging request at virtual address dfff8000... • https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd1c9e518514f182c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38386 – ACPICA: Refuse to evaluate a method if arguments are missing
https://notcve.org/view.php?id=CVE-2025-38386
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free. Since this a result of a clear AML issue that arguably cannot be fixed up by the interpreter (it cannot produce missing data out of thin air), address it by making ACPICA refuse to evaluate a me... • https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38384 – mtd: spinand: fix memory leak of ECC engine conf
https://notcve.org/view.php?id=CVE-2025-38384
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace (crc 0): kmemleak_alloc+0x30/0x40 __kmalloc_cache_noprof+0x208/0x3c0 spinand_ondie_ecc_init_ctx+0x114... • https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394 •