CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38580 – ext4: fix inode use after free in ext4_end_io_rsv_work()
https://notcve.org/view.php?id=CVE-2025-38580
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to avoid adding an io_end that requires no conversion to the i_rsv_conversion_list, which in turn prevents starting an unnecessary worker. An ext4_emergency_state() check is also added to avoid attempting to abort the journal in an emergency state. Additionally, ext4_put_io_end_defer() is refactored to call ext4_io_... • https://git.kernel.org/stable/c/ce51afb8cc5e1867ea0dfdf5e92ddbe31a1fad5d •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38579 – f2fs: fix KMSAN uninit-value in extent_info usage
https://notcve.org/view.php?id=CVE-2025-38579
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during ext... • https://git.kernel.org/stable/c/94afd6d6e5253179c9b891d02081cc8355a11768 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38578 – f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
https://notcve.org/view.php?id=CVE-2025-38578
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkalle... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38577 – f2fs: fix to avoid panic in f2fs_evict_inode
https://notcve.org/view.php?id=CVE-2025-38577
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d96227... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38576 – powerpc/eeh: Make EEH driver device hotplug safe
https://notcve.org/view.php?id=CVE-2025-38576
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature:
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38574 – pptp: ensure minimal skb length in pptp_xmit()
https://notcve.org/view.php?id=CVE-2025-38574
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot. BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [i... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38573 – spi: cs42l43: Property entry should be a null-terminated array
https://notcve.org/view.php?id=CVE-2025-38573
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory. • https://git.kernel.org/stable/c/0ca645ab5b1528666f6662a0e620140355b5aea3 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38572 – ipv6: reject malicious packets in ipv6_gso_segment()
https://notcve.org/view.php?id=CVE-2025-38572
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_transport_header_careful() helper and use it from ipv6_gso_segment() WARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline] WARNING: CPU: 0 PID: 5871 ... • https://git.kernel.org/stable/c/d1da932ed4ecad2a14cbcc01ed589d617d0f0f09 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38571 – sunrpc: fix client side handling of tls alerts
https://notcve.org/view.php?id=CVE-2025-38571
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it w... • https://git.kernel.org/stable/c/dea034b963c8901bdcc3d3880c04f0d75c95112f •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38570 – eth: fbnic: unlink NAPIs from queues on error to open
https://notcve.org/view.php?id=CVE-2025-38570
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF is in the __sk_mark_napi_id_once() call in xsk_bind(), NAPI has been freed. Looks like the device failed to open earlier, and we lack clearing the NAPI pointer from the queue. • https://git.kernel.org/stable/c/557d02238e05eb66b9aba9a1f90f3a2131c6c887 •