CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38235 – HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting
https://notcve.org/view.php?id=CVE-2025-38235
06 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting During appletb_kbd_probe, probe attempts to get the backlight device by name. ... In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting During appletb_kbd_probe, probe attempts to get the backlight device by name. • https://git.kernel.org/stable/c/93a0fc48948107e0cc34e1de22c3cb363a8f2783 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38234 – sched/rt: Fix race in push_rt_task
https://notcve.org/view.php?id=CVE-2025-38234
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. ... asm_sysvec_reschedule_i ---truncated--- In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses t... • https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38233 – powerpc64/ftrace: fix clobbered r15 during livepatching
https://notcve.org/view.php?id=CVE-2025-38233
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix clobbered r15 during livepatching While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is not restored in livepatch sequence leading to not so obvious fails like below: BUG: Unable to handle kernel data access on write at 0xc0000000000f9078 Faulting instruction address: 0xc0000000018ff958 Oops: Kernel access of bad area, sig: 11 [#1] ... In the Linux kernel, the following vulnerability has been r... • https://git.kernel.org/stable/c/eec37961a56aa4f3fe1c33ffd48eec7d1bb0c009 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38232 – NFSD: fix race between nfsd registration and exports_proc
https://notcve.org/view.php?id=CVE-2025-38232
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd. In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of e... • https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b751486cce7e3822 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38231 – nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
https://notcve.org/view.php?id=CVE-2025-38231
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_exp... • https://git.kernel.org/stable/c/a4bc287943f5695209ff36bdc89f17b48d68fae7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38230 – jfs: validate AG parameters in dbMount() to prevent crashes
https://notcve.org/view.php?id=CVE-2025-38230
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid u... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38229 – media: cxusb: no longer judge rbuf when the write fails
https://notcve.org/view.php?id=CVE-2025-38229
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. • https://git.kernel.org/stable/c/22c6d93a73105fddd58796d7cb10f5f90ee2a338 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38228 – media: imagination: fix a potential memory leak in e5010_probe()
https://notcve.org/view.php?id=CVE-2025-38228
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010_probe() Add video_device_release() to release the memory allocated by video_device_alloc() if something goes wrong. In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010_probe() Add video_device_release() to release the memory allocated by video_device_alloc() if something goes wrong. • https://git.kernel.org/stable/c/a1e2940458853d00c178c842c889e4ae3ef5eaec •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38227 – media: vidtv: Terminating the subsequent process of initialization failure
https://notcve.org/view.php?id=CVE-2025-38227
04 Jul 2025 — [1] BUG: KASAN: slab-use-after-free in vidtv_mux_pid_ctx_init drivers/media/test-drivers/vidtv/vidtv_mux.c:78 [inline] BUG: KASAN: slab-use-after-free in vidtv_mux_init+0xac2/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:524 Read of size 8 at addr ffff88802fa42acc by task syz.2.37/6059 CPU: 0 UID: 0 PID: 6059 Comm: syz.2.37 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace:
CVSS: 6.6EPSS: 0%CPEs: 12EXPL: 0CVE-2025-38226 – media: vivid: Change the siize of the composing
https://notcve.org/view.php?id=CVE-2025-38226
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not... • https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6 •