CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38139 – netfs: Fix oops in write-retry from mis-resetting the subreq iterator
https://notcve.org/view.php?id=CVE-2025-38139
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous retry. In such a case, the amount of data to be written by the subrequest is not "subreq->len" but "subreq->len - subreq->transferred". Without this, KASAN may see an error in iov_iter_revert(): BUG: KASAN: sla... • https://git.kernel.org/stable/c/cd0277ed0c188dd40e7744e89299af7b78831ca4 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38138 – dmaengine: ti: Add NULL check in udma_probe()
https://notcve.org/view.php?id=CVE-2025-38138
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38137 – PCI/pwrctrl: Cancel outstanding rescan work when unregistering
https://notcve.org/view.php?id=CVE-2025-38137
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) forcing rescan_work_func() to take a long time and (b) utilizing a pwrctrl driver that may be unloaded for some reason Cancel outstanding work to ensure it is finished before we allow our data structures to be cleaned up. [bhelgaas: tidy commit log] • https://git.kernel.org/stable/c/8f62819aaace77dd85037ae766eb767f8c4417ce •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38136 – usb: renesas_usbhs: Reorder clock handling and power management in probe
https://notcve.org/view.php?id=CVE-2025-38136
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are accessed before enabling the clocks, leading to a synchronous external abort on the RZ/V2H SoC. The problematic call flow is as follows: usbhs_probe() usbhs_sys_cloc... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38135 – serial: Fix potential null-ptr-deref in mlb_usio_probe()
https://notcve.org/view.php?id=CVE-2025-38135
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. • https://git.kernel.org/stable/c/ba44dc04300441b47618f9933bf36e75a280e5fe •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38134 – usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()
https://notcve.org/view.php?id=CVE-2025-38134
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() As demonstrated by the fix for update_port_device_state, commit 12783c0b9e2c ("usb: core: Prevent null pointer dereference in update_port_device_state"), usb_hub_to_struct_hub() can return NULL in certain scenarios, such as during hub driver unbind or teardown race conditions, even if the underlying usb_device structure exists. Plus, all other places that call usb_hu... • https://git.kernel.org/stable/c/f1bfb4a6fed64de1771b43a76631942279851744 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38132 – coresight: holding cscfg_csdev_lock while removing cscfg from csdev
https://notcve.org/view.php?id=CVE-2025-38132
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets()
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38131 – coresight: prevent deactivate active config while enabling the config
https://notcve.org/view.php?id=CVE-2025-38131
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(), active config could be deactivated via configfs' sysfs interface. This could make UAF issue in below scenario: CPU0 CPU1 (sysfs enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) // here load conf... • https://git.kernel.org/stable/c/f8cce2ff3c04361b8843d8489620fda8880f668b •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38130 – drm/connector: only call HDMI audio helper plugged cb if non-null
https://notcve.org/view.php?id=CVE-2025-38130
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/connector: only call HDMI audio helper plugged cb if non-null On driver remove, sound/soc/codecs/hdmi-codec.c calls the plugged_cb with NULL as the callback function and codec_dev, as seen in its hdmi_remove function. The HDMI audio helper then happily tries calling said null function pointer, and produces an Oops as a result. Fix this by only executing the callback if fn is non-null. This means the .plugged_cb and .plugged_cb_dev membe... • https://git.kernel.org/stable/c/baf616647fe6f857a0cf2187197de31e9bb17a71 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38129 – page_pool: Fix use-after-free in page_pool_recycle_in_ring
https://notcve.org/view.php?id=CVE-2025-38129
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 ... • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •