CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-9394 – PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
https://notcve.org/view.php?id=CVE-2025-9394
24 Aug 2025 — A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. • https://vuldb.com/?id.321227 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2025-9390 – vim xxd xxd.c main buffer overflow
https://notcve.org/view.php?id=CVE-2025-9390
24 Aug 2025 — A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. • https://vuldb.com/?id.321223 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38675 – xfrm: state: initialize state_ptrs earlier in xfrm_state_find
https://notcve.org/view.php?id=CVE-2025-38675
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize state_ptrs earlier in xfrm_state_find In case of preemption, xfrm_state_look_at will find a different pcpu_id and look up states for that other CPU. ... In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize state_ptrs earlier in xfrm_state_find In case of preemption, xfrm_state_look_at will find a different pcpu_id and look up states for that other CPU. • https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38674 – Revert "drm/prime: Use dma_buf from GEM object instance"
https://notcve.org/view.php?id=CVE-2025-38674
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dma_buf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. ... Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable In the Linux kernel, the following vulnerability has been resolved: Revert "drm/prime: Use dma_buf from GEM object instance" This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. • https://git.kernel.org/stable/c/f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38673 – Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance"
https://notcve.org/view.php?id=CVE-2025-38673
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. ... Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. • https://git.kernel.org/stable/c/cce16fcd7446dcff7480cd9d2b6417075ed81065 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38672 – Revert "drm/gem-dma: Use dma_buf from GEM object instance"
https://notcve.org/view.php?id=CVE-2025-38672
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dma_buf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. ... Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dma_buf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. • https://git.kernel.org/stable/c/e8afa1557f4f963c9a511bd2c6074a941c308685 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38671 – i2c: qup: jump out of the loop in case of timeout
https://notcve.org/view.php?id=CVE-2025-38671
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. ... In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. • https://git.kernel.org/stable/c/fbfab1ab065879370541caf0e514987368eb41b2 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38670 – arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
https://notcve.org/view.php?id=CVE-2025-38670
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along wit... • https://git.kernel.org/stable/c/402d2b1d54b7085d0c3bfd01fd50c2701dde64b3 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38669 – Revert "drm/gem-shmem: Use dma_buf from GEM object instance"
https://notcve.org/view.php?id=CVE-2025-38669
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. ... Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. • https://git.kernel.org/stable/c/1a148af06000e545e714fe3210af3d77ff903c11 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38668 – regulator: core: fix NULL dereference on unbind due to stale coupling data
https://notcve.org/view.php?id=CVE-2025-38668
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_r... • https://git.kernel.org/stable/c/7574892e259bbb16262ebfb4b65a2054a5e03a49 •