CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38298 – EDAC/skx_common: Fix general protection fault
https://notcve.org/view.php?id=CVE-2025-38298
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/skx_common: Fix general protection fault After loading i10nm_edac (which automatically loads skx_edac_common), if unload only i10nm_edac, then reload it and perform error injection testing, a general protection fault may occur: mce: [Hardware Error]: Machine check events logged Oops: general protection fault ... ... Workqueue: events mce_gen_pool_process RIP: 0010:string+0x53/0xe0 ... Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38293 – wifi: ath11k: fix node corruption in ar->arvifs list
https://notcve.org/view.php?id=CVE-2025-38293
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the list head "arvifs", but the next of the list head "arvifs" no longer points to that list node. When a WLAN recovery occurs during the execution o... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38286 – pinctrl: at91: Fix possible out-of-boundary access
https://notcve.org/view.php?id=CVE-2025-38286
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index. Note, that BUG() can be compiled out and hence won't actually perform the required checks. In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible ... • https://git.kernel.org/stable/c/6732ae5cb47c4f9a72727585956f2a5e069d1637 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38285 – bpf: Fix WARN() in get_bpf_raw_tp_regs
https://notcve.org/view.php?id=CVE-2025-38285
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:get_bpf_raw_... • https://git.kernel.org/stable/c/9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38280 – bpf: Avoid __bpf_prog_ret0_warn when jit fails
https://notcve.org/view.php?id=CVE-2025-38280
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38275 – phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
https://notcve.org/view.php?id=CVE-2025-38275
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference. Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error point... • https://git.kernel.org/stable/c/a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38273 – net: tipc: fix refcount warning in tipc_aead_encrypt
https://notcve.org/view.php?id=CVE-2025-38273
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. ... • https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38272 – net: dsa: b53: do not enable EEE on bcm63xx
https://notcve.org/view.php?id=CVE-2025-38272
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/22256b0afb12333571ad11799fa68fd27e4f4e80 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38269 – btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
https://notcve.org/view.php?id=CVE-2025-38269
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling ext... • https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622 •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38264 – nvme-tcp: sanitize request list handling
https://notcve.org/view.php?id=CVE-2025-38264
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing. In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop ... • https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094848ebf4c6bae006 •