CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38142 – hwmon: (asus-ec-sensors) check sensor index in read_string()
https://notcve.org/view.php?id=CVE-2025-38142
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string() Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without checking, which could lead to undefined behavior when passed to get_sensor_info(). Add a proper check to return -EINVAL if sensor_index is negative. Found by Linux Verification Center (linuxtesting.org)... • https://git.kernel.org/stable/c/d0ddfd241e5719d696bc0b081e260db69d368668 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38141 – dm: fix dm_blk_report_zones
https://notcve.org/view.php?id=CVE-2025-38141
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulat... • https://git.kernel.org/stable/c/f211268ed1f9bdf48f06a3ead5f5d88437450579 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38140 – dm: limit swapping tables for devices with zone write plugs
https://notcve.org/view.php?id=CVE-2025-38140
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dm_revalidate_zones() only allowed new or previously unzoned devices to call blk_revalidate_disk_zones(). If the device was already zoned, disk->nr_zones would always equal md->nr_zones, so dm_revalidate_zones() returned without doing any work. This would make the zoned settings for the device not match the new table. If the device had zone write plug resources, it could run into e... • https://git.kernel.org/stable/c/bb37d77239af25cde59693dbe3fac04dd17d7b29 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38139 – netfs: Fix oops in write-retry from mis-resetting the subreq iterator
https://notcve.org/view.php?id=CVE-2025-38139
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous retry. In such a case, the amount of data to be written by the subrequest is not "subreq->len" but "subreq->len - subreq->transferred". Without this, KASAN may see an error in iov_iter_revert(): BUG: KASAN: sla... • https://git.kernel.org/stable/c/cd0277ed0c188dd40e7744e89299af7b78831ca4 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38138 – dmaengine: ti: Add NULL check in udma_probe()
https://notcve.org/view.php?id=CVE-2025-38138
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Add NULL check in udma_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, udma_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. • https://git.kernel.org/stable/c/25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38137 – PCI/pwrctrl: Cancel outstanding rescan work when unregistering
https://notcve.org/view.php?id=CVE-2025-38137
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: (a) forcing rescan_work_func() to take a long time and (b) utilizing a pwrctrl driver that may be unloaded for some reason Cancel outstanding work to ensure it is finished before we allow our data structures to be cleaned up. [bhelgaas: tidy commit log] • https://git.kernel.org/stable/c/8f62819aaace77dd85037ae766eb767f8c4417ce •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38136 – usb: renesas_usbhs: Reorder clock handling and power management in probe
https://notcve.org/view.php?id=CVE-2025-38136
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are accessed before enabling the clocks, leading to a synchronous external abort on the RZ/V2H SoC. The problematic call flow is as follows: usbhs_probe() usbhs_sys_cloc... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38135 – serial: Fix potential null-ptr-deref in mlb_usio_probe()
https://notcve.org/view.php?id=CVE-2025-38135
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: Fix potential null-ptr-deref in mlb_usio_probe() devm_ioremap() can return NULL on error. Currently, mlb_usio_probe() does not check for this case, which could result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. • https://git.kernel.org/stable/c/ba44dc04300441b47618f9933bf36e75a280e5fe •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38134 – usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()
https://notcve.org/view.php?id=CVE-2025-38134
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() As demonstrated by the fix for update_port_device_state, commit 12783c0b9e2c ("usb: core: Prevent null pointer dereference in update_port_device_state"), usb_hub_to_struct_hub() can return NULL in certain scenarios, such as during hub driver unbind or teardown race conditions, even if the underlying usb_device structure exists. Plus, all other places that call usb_hu... • https://git.kernel.org/stable/c/f1bfb4a6fed64de1771b43a76631942279851744 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38133 – iio: adc: ad4851: fix ad4858 chan pointer handling
https://notcve.org/view.php?id=CVE-2025-38133
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 chan pointer handling The pointer returned from ad4851_parse_channels_common() is incremented internally as each channel is populated. In ad4858_parse_channels(), the same pointer was further incremented while setting ext_scan_type fields for each channel. This resulted in indio_dev->channels being set to a pointer past the end of the allocated array, potentially causing memory corruption or undefined behavior. ... • https://git.kernel.org/stable/c/6250803fe2ec92be32a4df1c3a39c4a460d5bd58 •