CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38042 – dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
https://notcve.org/view.php?id=CVE-2025-38042
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel. So far we have been relying on the skip_fdq argument of k3_udma_glue_reset_rx_chn(). In... • https://git.kernel.org/stable/c/d702419134133db1eab2067dc6ea5723467fd917 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38041 – clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
https://notcve.org/view.php?id=CVE-2025-38041
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any attempt to do device DVFS on the GPU lead to panfrost various ooops, and GPU hangs. The manual describes the algorithm for changing the PLL frequency, which the CPU PLL notifier code already support, so we reuse that to... • https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38040 – serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
https://notcve.org/view.php?id=CVE-2025-38040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last di... • https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38039 – net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
https://notcve.org/view.php?id=CVE-2025-38039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more gracefully by returning `-EOPNOTSUPP` instead, while also providing a helpful user message. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38038 – cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost
https://notcve.org/view.php?id=CVE-2025-38038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path in status_store(), which can lead to a deadlock. So, remove it. In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a ... • https://git.kernel.org/stable/c/ec437d71db77a181227bf6d0ac9d4a80e58ecf0f •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38037 – vxlan: Annotate FDB data races
https://notcve.org/view.php?id=CVE-2025-38037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit... • https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38035 – nvmet-tcp: don't restore null sk_state_change
https://notcve.org/view.php?id=CVE-2025-38035
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if the TCP connection isn't established when nvmet_tcp_set_queue_sock() is called then queue->state_change isn't set and sock->sk->sk_state_change isn't replaced. As such we don't need to restore sock->sk->sk_state_change if queue->state_change is NULL. This avoids NULL pointer dereferences such as this: [ 286.462026][ C0] BUG... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38034 – btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
https://notcve.org/view.php?id=CVE-2025-38034
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/k... • https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38031 – padata: do not leak refcount in reorder_work
https://notcve.org/view.php?id=CVE-2025-38031
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented. Fix this by checking the return value of queue_work() and decrementing the refcount when necessary. Resolves: Unreferenced object 0xffff9d... • https://git.kernel.org/stable/c/f4f1b1169fc3694f9bc3e28c6c68dbbf4cc744c0 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38029 – kasan: avoid sleepable page allocation from atomic context
https://notcve.org/view.php?id=CVE-2025-38029
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kasan: avoid sleepable page allocation from atomic context apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preem... • https://git.kernel.org/stable/c/3c5c3cfb9ef4da957e3357a2bd36f76ee34c0862 •