
CVE-2025-38437 – ksmbd: fix potential use-after-free in oplock/lease break ack
https://notcve.org/view.php?id=CVE-2025-38437
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp returns an error, a use-after-free can happen by accessing opinfo->state, and opinfo_put and ksmbd_fd_put could be called twice. • https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0 •

CVE-2025-38436 – drm/scheduler: signal scheduled fence when kill job
https://notcve.org/view.php?id=CVE-2025-38436
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinite... • https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407 •

CVE-2025-38435 – riscv: vector: Fix context save/restore with xtheadvector
https://notcve.org/view.php?id=CVE-2025-38435
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 is damaged. Correctly save/restore v8-v31 to avoid breaking userspace. • https://git.kernel.org/stable/c/d863910eabaffc68eb28aaf476dd870fc3f7197d •

CVE-2025-38434 – Revert "riscv: Define TASK_SIZE_MAX for __access_ok()"
https://notcve.org/view.php?id=CVE-2025-38434
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" This reverts commit ad5643cf2f69 ("riscv: Define TASK_SIZE_MAX for __access_ok()"). This commit changes TASK_SIZE_MAX to be LONG_MAX to optimize access_ok(), because the previous TASK_SIZE_MAX (default to TASK_SIZE) requires some computation. The reasoning was that all user addresses are less than LONG_MAX, and all kernel addresses are greater than LONG_MAX. Therefore access_ok() can fi... • https://git.kernel.org/stable/c/ad5643cf2f699989daa85d909403febd6712fccb •

CVE-2025-38433 – riscv: fix runtime constant support for nommu kernels
https://notcve.org/view.php?id=CVE-2025-38433
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the `__runtime_fixup_32` function does not handle the case where `val` is zero correctly (as might occur when patching a nommu kernel and referring to a physical address below the 4GiB boundary whose upper 32 bits are all zero) because nothing in the existing logic prevents the code from taking the `else` branch of both nop-checks and emitting two `nop` instructions. This leaves random g... • https://git.kernel.org/stable/c/a44fb5722199de8338d991db5ad3d509192179bb •

CVE-2025-38432 – net: netpoll: Initialize UDP checksum field before checksumming
https://notcve.org/view.php?id=CVE-2025-38432
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize UDP checksum field before checksumming commit f1fce08e63fe ("netpoll: Eliminate redundant assignment") removed the initialization of the UDP checksum, which was wrong and broke netpoll IPv6 transmission due to bad checksumming. udph->check needs to be set before calling csum_ipv6_magic(). • https://git.kernel.org/stable/c/f1fce08e63fe1a2a8b8106b93b7244a39830edae •

CVE-2025-38431 – smb: client: fix regression with native SMB symlinks
https://notcve.org/view.php?id=CVE-2025-38431
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix regression with native SMB symlinks Some users and customers reported that their backup/copy tools started to fail when the directory being copied contained symlink targets that the client couldn't parse - even when those symlinks weren't followed. Fix this by allowing lstat(2) and readlink(2) to succeed even when the client can't resolve the symlink target, restoring old behavior. • https://git.kernel.org/stable/c/12b466eb52d926802b6898d2cb7e67386467f54a •

CVE-2025-38430 – nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
https://notcve.org/view.php?id=CVE-2025-38430
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure being executed (rq_procinfo) is the NFSPROC4_COMPOUND procedure. • https://git.kernel.org/stable/c/bf78a2706ce975981eb5167f2d3b609eb5d24c19 •

CVE-2025-38429 – bus: mhi: ep: Update read pointer only after buffer is written
https://notcve.org/view.php?id=CVE-2025-38429
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the host sees an updated read pointer before the buffer is actually written. Updating rd_offset prematurely can lead to the host accessing an uninitialized or incomplete element, resulting in data corruption. Invoke the buffer write befo... • https://git.kernel.org/stable/c/bbdcba57a1a26a4439a4f4ecdbfaf80a10fd8f34 •

CVE-2025-38428 – Input: ims-pcu - check record size in ims_pcu_flash_firmware()
https://notcve.org/view.php?id=CVE-2025-38428
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in memory corruption when we do "memcpy(fragment->data, rec->data, len);" • https://git.kernel.org/stable/c/628329d52474323938a03826941e166bc7c8eff4 •