CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38102 – VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
https://notcve.org/view.php?id=CVE-2025-38102
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace:
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38100 – x86/iopl: Cure TIF_IO_BITMAP inconsistencies
https://notcve.org/view.php?id=CVE-2025-38100
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up in tss_update_io_bitmap(). tss_update_io_bitmap() operates on the current task. If current has TIF_IO_BITMAP set, but no bitmap installed, tss_upd... • https://git.kernel.org/stable/c/ea5f1cd7ab494f65f50f338299eabb40ad6a1767 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38099 – Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
https://notcve.org/view.php?id=CVE-2025-38099
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up. • https://git.kernel.org/stable/c/f48ee562c095e552a30b8d9cc0566a267b410f8a •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38098 – drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink
https://notcve.org/view.php?id=CVE-2025-38098
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Don't try to operate on a drm_wb_connector as an amdgpu_dm_connector. While dereferencing aconnector->base will "work" it's wrong and might lead to unknown bad things. Just... don't. • https://git.kernel.org/stable/c/b14e726d57f61085485f107a6203c50a09695abd •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38097 – espintcp: remove encap socket caching to avoid reference leak
https://notcve.org/view.php?id=CVE-2025-38097
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns Since the encap socket is a userspace socket, it holds a reference on the netns. If we delete the espintcp state (through flush or individual delete) before removing the netns, the reference on the socket is dropped a... • https://git.kernel.org/stable/c/e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38096 – wifi: iwlwifi: don't warn when if there is a FW error
https://notcve.org/view.php?id=CVE-2025-38096
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: don't warn when if there is a FW error iwl_trans_reclaim is warning if it is called when the FW is not alive. But if it is called when there is a pending restart, i.e. after a FW error, there is no need to warn, instead - return silently. • https://git.kernel.org/stable/c/0446d34a853d9576e2a7628c803d2abd2f8cf3a8 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38095 – dma-buf: insert memory barrier before updating num_fences
https://notcve.org/view.php?id=CVE-2025-38095
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference can be happened if memory update is reordered. • https://git.kernel.org/stable/c/a590d0fdbaa56f482ff515e1040b6d9b1b200d63 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38094 – net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
https://notcve.org/view.php?id=CVE-2025-38094
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never exit that loop and have a deadlock. That deadlock was noticed on a sama5d4 device that stayed locked for days. Use retries instead of jiffies so that the timeout really works and we do not have a deadlock anymore. • https://git.kernel.org/stable/c/e86cd53afc5907f7c221b709916e2dd354e14691 •
CVSS: 8.5EPSS: %CPEs: 4EXPL: 0CVE-2025-38092 – ksmbd: use list_first_entry_or_null for opinfo_get_list()
https://notcve.org/view.php?id=CVE-2025-38092
02 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an invalid pointer. Use list_first_entry_or_null() to check if the list is empty. In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an inv... • https://git.kernel.org/stable/c/c78abb646ff823e7d22faad4cc0703d4484da9e8 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-38091 – drm/amd/display: check stream id dml21 wrapper to get plane_id
https://notcve.org/view.php?id=CVE-2025-38091
02 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when performing a mode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover): [ 35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu] [ 3... • https://git.kernel.org/stable/c/6f47d7408133631a1b178f8a04e79aee189ef046 •