CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38521 – drm/imagination: Fix kernel crash when hard resetting the GPU
https://notcve.org/view.php?id=CVE-2025-38521
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their documentation should only be used during system-wide PM transitions to sleep states. The main issue though is that depending on some internal runtime PM state as seen by pm_runtime_force_suspend() (whether the usage count is <= 1), pm_runtime_force_resume() might n... • https://git.kernel.org/stable/c/cc1aeedb98ad347c06ff59e991b2f94dfb4c565d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38520 – drm/amdkfd: Don't call mmput from MMU notifier callback
https://notcve.org/view.php?id=CVE-2025-38520
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notifier callback from compactd or fork or numa balancing could release the last reference of mm struct to call exit_mmap and free_pgtable, this triggers deadlock with below backtrace. The deadlock will leak kfd process as mmu notifier release is not called and cause VRAM leaking. The fix is to take mm reference mmget_non_zero when adding... • https://git.kernel.org/stable/c/fa582c6f3684ac0098a9d02ddf0ed52a02b37127 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38517 – lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users()
https://notcve.org/view.php?id=CVE-2025-38517
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_ta... • https://git.kernel.org/stable/c/1438d349d16b78d88f9e978a4a5496f078c8191b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38516 – pinctrl: qcom: msm: mark certain pins as invalid for interrupts
https://notcve.org/view.php?id=CVE-2025-38516
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio... • https://git.kernel.org/stable/c/f365be0925729508fd8e62f8bdb504ef896cb6e0 •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38515 – drm/sched: Increment job count before swapping tail spsc queue
https://notcve.org/view.php?id=CVE-2025-38515
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the job count being zero. If this race occurs, job scheduling stops, leading to hangs while waiting on the job’s DMA fences. Seal this race by incrementing the job count before appending to the SPSC queue. This race w... • https://git.kernel.org/stable/c/27105db6c63a571b91d01e749d026105a1e63bcf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38514 – rxrpc: Fix oops due to non-existence of prealloc backlog struct
https://notcve.org/view.php?id=CVE-2025-38514
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and bound, but calls are preallocated, then rxrpc_alloc_incoming_call() will oops because the rxrpc_backlog struct doesn't get allocated until the first preallocation is made. Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no backlog struct. This will cause the incoming call to be aborted. In the Linux kernel, the... • https://git.kernel.org/stable/c/bf0ca6a1bc4fb904b598137c6718785a107e3adf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38513 – wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
https://notcve.org/view.php?id=CVE-2025-38513
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38512 – wifi: prevent A-MSDU attacks in mesh networks
https://notcve.org/view.php?id=CVE-2025-38512
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks. This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a recei... • https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38511 – drm/xe/pf: Clear all LMTT pages on alloc
https://notcve.org/view.php?id=CVE-2025-38511
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might leave some stale data that could either point to some other VFs allocations or even to the PF pages. Explicitly clear all new LMTT page to avoid the risk that a malicious VF would try to exploit that gap. While aro... • https://git.kernel.org/stable/c/b1d20405821812ad70d95eefe58cadc6d50b0917 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38510 – kasan: remove kasan_find_vm_area() to prevent possible deadlock
https://notcve.org/view.php?id=CVE-2025-38510
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock);