CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38045 – wifi: iwlwifi: fix debug actions order
https://notcve.org/view.php?id=CVE-2025-38045
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. • https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38044 – media: cx231xx: set device_caps for 417
https://notcve.org/view.php?id=CVE-2025-38044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get a WARN_ON instead). Not seen before since currently 417 support is disabled, but I found this while experimenting with it. • https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38043 – firmware: arm_ffa: Set dma_mask for ffa devices
https://notcve.org/view.php?id=CVE-2025-38043
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124 • https://git.kernel.org/stable/c/97bab02f0b64ba6bcdf6a8fae561db07f509aee9 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38042 – dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
https://notcve.org/view.php?id=CVE-2025-38042
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel. So far we have been relying on the skip_fdq argument of k3_udma_glue_reset_rx_chn(). In... • https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38041 – clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
https://notcve.org/view.php?id=CVE-2025-38041
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any attempt to do device DVFS on the GPU lead to panfrost various ooops, and GPU hangs. The manual describes the algorithm for changing the PLL frequency, which the CPU PLL notifier code already support, so we reuse that to... • https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38040 – serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
https://notcve.org/view.php?id=CVE-2025-38040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last di... • https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38039 – net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
https://notcve.org/view.php?id=CVE-2025-38039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more gracefully by returning `-EOPNOTSUPP` instead, while also providing a helpful user message. • https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38038 – cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost
https://notcve.org/view.php?id=CVE-2025-38038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path in status_store(), which can lead to a deadlock. So, remove it. • https://git.kernel.org/stable/c/61e931ee145eeab8196e585ff4334870b130b744 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38037 – vxlan: Annotate FDB data races
https://notcve.org/view.php?id=CVE-2025-38037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit... • https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38036 – drm/xe/vf: Perform early GT MMIO initialization to read GMDID
https://notcve.org/view.php?id=CVE-2025-38036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However, due to recent refactoring the gt->mmio is initialized later, and any attempt by the VF to use xe_mmio_read|write() from GuC functions will lead to NPD crash due to unset MMIO register address: [] xe 0000:00:02.1: ... • https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2 •