CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38211 – RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
https://notcve.org/view.php?id=CVE-2025-38211
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all references to the cm_id were removed. The references are removed either upon completion of iw_cm event handlers or when the application destroys the cm_id. This commit introduced the use-after-free condition where cm_id_private object co... • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38208 – smb: client: add NULL check in automount_fullpath
https://notcve.org/view.php?id=CVE-2025-38208
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath page is checked for null in __build_path_from_dentry_optional... • https://git.kernel.org/stable/c/37166d63e42c34846a16001950ecec96229a8d17 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38207 – mm: fix uprobe pte be overwritten when expanding vma
https://notcve.org/view.php?id=CVE-2025-38207
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: fix uprobe pte be overwritten when expanding vma Patch series "Fix uprobe pte be overwritten when expanding vma". This patch (of 4): We encountered a BUG alert triggered by Syzkaller as follows: BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1 And we can reproduce it with the following steps: 1. register uprobe on file at zero offset 2. mmap the file at zero offset: addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVA... • https://git.kernel.org/stable/c/2b144498350860b6ee9dc57ff27a93ad488de5dc •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38206 – exfat: fix double free in delayed_free
https://notcve.org/view.php?id=CVE-2025-38206
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it. In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38204 – jfs: fix array-index-out-of-bounds read in add_missing_indices
https://notcve.org/view.php?id=CVE-2025-38204
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but i... • https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38203 – jfs: Fix null-ptr-deref in jfs_ioc_trim
https://notcve.org/view.php?id=CVE-2025-38203
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f] CPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted 6.13.0-rc6-gfbfd64d25c7a-dirty #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Sched_ext: serialise (enabled+all), task: ru... • https://git.kernel.org/stable/c/b40c2e665cd552eae5fbdbb878bc29a34357668e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38201 – netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-38201
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX") In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is pos... • https://git.kernel.org/stable/c/3c4287f62044a90e73a561aa05fc46e62da173da •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38200 – i40e: fix MMIO write access to an invalid page in i40e_clear_hw
https://notcve.org/view.php?id=CVE-2025-38200
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer und... • https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38198 – fbcon: Make sure modelist not set on unregistered console
https://notcve.org/view.php?id=CVE-2025-38198
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_m... • https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38197 – platform/x86: dell_rbu: Fix list usage
https://notcve.org/view.php?id=CVE-2025-38197
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorrectly (because it starts at the wrong packet), and clearing the packet list will result in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the ... • https://git.kernel.org/stable/c/d19f359fbdc6b5d49e9b9a0db27a996b28a2ded3 •