CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38135 – serial: Fix potential null-ptr-deref in mlb_usio_probe()
https://notcve.org/view.php?id=CVE-2025-38135
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. • https://git.kernel.org/stable/c/ba44dc04300441b47618f9933bf36e75a280e5fe •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38132 – coresight: holding cscfg_csdev_lock while removing cscfg from csdev
https://notcve.org/view.php?id=CVE-2025-38132
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfg_csdev_lock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 (perf enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) deactivate config // sysfs (sys_activec_cnt == 0) cscfg_unload_config_sets()
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38131 – coresight: prevent deactivate active config while enabling the config
https://notcve.org/view.php?id=CVE-2025-38131
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: coresight: prevent deactivate active config while enabling the config While enable active config via cscfg_csdev_enable_active_config(), active config could be deactivated via configfs' sysfs interface. This could make UAF issue in below scenario: CPU0 CPU1 (sysfs enable) load module cscfg_load_config_sets() activate config. // sysfs (sys_active_cnt == 1) ... cscfg_csdev_enable_active_config() lock(csdev->cscfg_csdev_lock) // here load conf... • https://git.kernel.org/stable/c/f8cce2ff3c04361b8843d8489620fda8880f668b •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38129 – page_pool: Fix use-after-free in page_pool_recycle_in_ring
https://notcve.org/view.php?id=CVE-2025-38129
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 ... • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38127 – ice: fix Tx scheduler error handling in XDP callback
https://notcve.org/view.php?id=CVE-2025-38127
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx scheduler failure, the XDP callback should also fail and roll back any changes previously made for XDP preparation. The previous implementation had a bug that not all changes made by the XDP callback were rolled back... • https://git.kernel.org/stable/c/efc2214b6047b6f5b4ca53151eba62521b9452d6 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38126 – net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
https://notcve.org/view.php?id=CVE-2025-38126
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually propagate up to PTP initialization when bringing up the interface, leading to a divide by 0: Division by zero in kernel. CPU: 1 UID: 0 PID: 1 Comm: ... • https://git.kernel.org/stable/c/19d857c9038e5c07db8f8cc02b5ad0cd0098714f •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38125 – net: stmmac: make sure that ptp_rate is not 0 before configuring EST
https://notcve.org/view.php?id=CVE-2025-38125
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring EST If the ptp_rate recorded earlier in the driver happens to be 0, this bogus value will propagate up to EST configuration, where it will trigger a division by 0. Prevent this division by 0 by adding the corresponding check and error code. • https://git.kernel.org/stable/c/8572aec3d0dc43045254fd1bf581fb980bfdbc4b •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38124 – net: fix udp gso skb_segment after pull from frag_list
https://notcve.org/view.php?id=CVE-2025-38124
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets with modified geometry can also hit bugs in that code. We don't know how many such cases exist. Addressing each one by one also requires touching the complex skb_seg... • https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38123 – net: wwan: t7xx: Fix napi rx poll issue
https://notcve.org/view.php?id=CVE-2025-38123
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix napi rx poll issue When driver handles the napi rx polling requests, the netdev might have been released by the dellink logic triggered by the disconnect operation on user plane. However, in the logic of processing skb in polling, an invalid netdev is still being used, which causes a panic. BUG: kernel NULL pointer dereference, address: 00000000000000f1 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:dev_gro_receive+0x3a/0x... • https://git.kernel.org/stable/c/5545b7b9f294de7f95ec6a7cb1de0db52296001c •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38122 – gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
https://notcve.org/view.php?id=CVE-2025-38122
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails. This improves robustness in low-memory scenarios. • https://git.kernel.org/stable/c/a57e5de476be0b4b7f42beb6a21c19ad9c577aa3 •