CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38204 – jfs: fix array-index-out-of-bounds read in add_missing_indices
https://notcve.org/view.php?id=CVE-2025-38204
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but i... • https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38198 – fbcon: Make sure modelist not set on unregistered console
https://notcve.org/view.php?id=CVE-2025-38198
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_m... • https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38177 – sch_hfsc: make hfsc_qlen_notify() idempotent
https://notcve.org/view.php?id=CVE-2025-38177
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. I... • https://git.kernel.org/stable/c/0475c85426b18eccdcb7f9fb58d8f8e9c6c58c87 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38099 – Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
https://notcve.org/view.php?id=CVE-2025-38099
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up. • https://git.kernel.org/stable/c/f48ee562c095e552a30b8d9cc0566a267b410f8a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38096 – wifi: iwlwifi: don't warn when if there is a FW error
https://notcve.org/view.php?id=CVE-2025-38096
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: don't warn when if there is a FW error iwl_trans_reclaim is warning if it is called when the FW is not alive. But if it is called when there is a pending restart, i.e. after a FW error, there is no need to warn, instead - return silently. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: don't warn when if there is a FW error iwl_trans_reclaim is warning if it is called when the FW is not aliv... • https://git.kernel.org/stable/c/0446d34a853d9576e2a7628c803d2abd2f8cf3a8 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-50222 – tty: vt: initialize unicode screen buffer
https://notcve.org/view.php?id=CVE-2022-50222
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50215 – scsi: sg: Allow waiting for commands to complete on removed device
https://notcve.org/view.php?id=CVE-2022-50215
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace ... • https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50211 – md-raid10: fix KASAN warning
https://notcve.org/view.php?id=CVE-2022-50211
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10] Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, ... • https://git.kernel.org/stable/c/75fbd370a2cec9e92f48285bd90735ed0c837f52 • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-50210 – MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-50210
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x... • https://git.kernel.org/stable/c/d3ac4e47510ec0753ebe1e418a334ad202784aa8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-50206 – arm64: fix oops in concurrently setting insn_emulation sysctls
https://notcve.org/view.php?id=CVE-2022-50206
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 | Internal error: Oops: 96000006 [#1] SMP | Call trace: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handl... • https://git.kernel.org/stable/c/9d5fec6ba2e4117d196a8259ab54615ffe562460 •