CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38318 – perf: arm-ni: Fix missing platform_set_drvdata()
https://notcve.org/view.php?id=CVE-2025-38318
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL. • https://git.kernel.org/stable/c/4d5a7680f2b4d0c2955e1d9f9a594b050d637436 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38317 – wifi: ath12k: Fix buffer overflow in debugfs
https://notcve.org/view.php?id=CVE-2025-38317
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users. In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users... • https://git.kernel.org/stable/c/3f73c24f28b317f22df7870c25ff82f1d625c6c2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38316 – wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor()
https://notcve.org/view.php?id=CVE-2025-38316
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() The function mt7996_set_monitor() dereferences phy before the NULL sanity check. Fix this to avoid NULL pointer dereference by moving the dereference after the check. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() The function mt7996_set_monitor() dereferences phy before t... • https://git.kernel.org/stable/c/69d54ce7491d046eaae05de7fb2493319a481991 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38315 – Bluetooth: btintel: Check dsbr size from EFI variable
https://notcve.org/view.php?id=CVE-2025-38315
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also fail. This fixes a stack buffer overflow when the EFI variable is larger than struct btintel_dsbr. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI v... • https://git.kernel.org/stable/c/eb9e749c0182affafadfbe5ded4503c4b5a9b57c •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38314 – virtio-pci: Fix result size returned for the admin command completion
https://notcve.org/view.php?id=CVE-2025-38314
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Fix result size returned for the admin command completion The result size returned by virtio_pci_admin_dev_parts_get() is 8 bytes larger than the actual result data size. This occurs because the result_sg_size field of the command is filled with the result length from virtqueue_get_buf(), which includes both the data size and an additional 8 bytes of status. This oversized result size causes two issues: 1. The state transferred ... • https://git.kernel.org/stable/c/704806ca400e5daa86c110f14bfdda9d28203bb7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38313 – bus: fsl-mc: fix double-free on mc_dev
https://notcve.org/view.php?id=CVE-2025-38313
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed. This commit introduces back the following checkpatch warning which is ... • https://git.kernel.org/stable/c/a042fbed02904493ae6df26ec836045f5a7d3ce2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38312 – fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
https://notcve.org/view.php?id=CVE-2025-38312
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow... Found by Linux Verification Center (linuxtesting.org) with the S... • https://git.kernel.org/stable/c/96fe6a2109db29cd15b90a093c16e6cb4b19371a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38311 – iavf: get rid of the crit lock
https://notcve.org/view.php?id=CVE-2025-38311
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock Get rid of the crit lock. That frees us from the error prone logic of try_locks. Thanks to netdev_lock() by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by netdev lock when it was not the case. Lockdep reports that we should cancel the work under crit_lock [splat1], and that was the scheme we have mostly followed since [1] by Slawomir. But when that is done we sti... • https://git.kernel.org/stable/c/d1639a17319ba78a018280cd2df6577a7e5d9fab •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38310 – seg6: Fix validation of nexthop addresses
https://notcve.org/view.php?id=CVE-2025-38310
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validation of nexthop addresses The kernel currently validates that the length of the provided nexthop address does not exceed the specified length. This can lead to the kernel reading uninitialized memory if user space provided a shorter length than the specified one. Fix by validating that the provided length exactly matches the specified one. In the Linux kernel, the following vulnerability has been resolved: seg6: Fix validati... • https://git.kernel.org/stable/c/d1df6fd8a1d22d37cffa0075ab8ad423ce656777 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38309 – drm/xe/vm: move xe_svm_init() earlier
https://notcve.org/view.php?id=CVE-2025-38309
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(), however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to various splats followed by a fatal NPD. (cherry picked from commit 4f296d77cf49fcb5f90b4674123ad7f3a0676165) In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier ... • https://git.kernel.org/stable/c/6fd979c2f33150e8261d87d2946f94f66f22ddaa •