CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38263 – bcache: fix NULL pointer in cache_set_flush()
https://notcve.org/view.php?id=CVE-2025-38263
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of register_cache_set(). 3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098. 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) 1795 { ... 1860 if (!(c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL)) || 1861 mempool_init... • https://git.kernel.org/stable/c/1f25f2d3fa29325320c19a30abf787e0bd5fc91b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38262 – tty: serial: uartlite: register uart driver in init
https://notcve.org/view.php?id=CVE-2025-38262
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads... • https://git.kernel.org/stable/c/9c905fdbba68a6d73d39a6b7de9b9f0d6c46df87 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38261 – riscv: save the SR_SUM status over switches
https://notcve.org/view.php?id=CVE-2025-38261
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load especially with the syz-stress tool running, with crashes as follows in schedule_tail: Unable to handle kernel access to user memory without uaccess routines at virtual address 000000002749f0d0 Oops [#1] Modules linked... • https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255be4239a06290a77 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38245 – atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
https://notcve.org/view.php?id=CVE-2025-38245
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplicated device by __atm_dev_lookup(). These operations are done under atm_dev_mutex. However, when removing a device in atm_dev_deregister(), it releases the mutex just after removing the device from the list that __atm_... • https://git.kernel.org/stable/c/64bf69ddff7637b7ed7acf9b2a823cc0ee519439 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38237 – media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
https://notcve.org/view.php?id=CVE-2025-38237
08 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() In fimc_is_hw_change_mode(), the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent operations proceed before the hardware is ready. Add fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring hardware state synchronization and stable interrupt handling. In the Linux kernel, th... • https://git.kernel.org/stable/c/b0d92b94278561f43057003a73a17ce13b7c1a1a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38234 – sched/rt: Fix race in push_rt_task
https://notcve.org/view.php?id=CVE-2025-38234
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migr... • https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38232 – NFSD: fix race between nfsd registration and exports_proc
https://notcve.org/view.php?id=CVE-2025-38232
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race between below 2 operations: (i) exportfs -r (ii) mount -t nfsd none /proc/fs/nfsd for 5.4 kernel ARM64: CPU 1: el1_irq+0xbc/0x180 arch_counter_get_cntvct+0x14/0x18 running_clock+0xc/0x18 preempt_count_add+0x88/0x110 ... • https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b751486cce7e3822 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38230 – jfs: validate AG parameters in dbMount() to prevent crashes
https://notcve.org/view.php?id=CVE-2025-38230
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38229 – media: cxusb: no longer judge rbuf when the write fails
https://notcve.org/view.php?id=CVE-2025-38229
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not bei... • https://git.kernel.org/stable/c/22c6d93a73105fddd58796d7cb10f5f90ee2a338 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •