CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49937 – media: mceusb: Use new usb_control_msg_*() routines
https://notcve.org/view.php?id=CVE-2022-49937
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40 WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-r... • https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49936 – USB: core: Prevent nested device-reset calls
https://notcve.org/view.php?id=CVE-2022-49936
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c... • https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49935 – dma-buf/dma-resv: check if the new fence is really later
https://notcve.org/view.php?id=CVE-2022-49935
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed the the newer than all the existing fences. ... In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed the the newer than all the existing fences. • https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49934 – wifi: mac80211: Fix UAF in ieee80211_scan_rx()
https://notcve.org/view.php?id=CVE-2022-49934
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and __ieee80211_scan_completed() executes, which then calls cfg80211_scan_done() leading to the freeing of scan_req. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to a... • https://git.kernel.org/stable/c/6eb181a64fdabf10be9e54de728876667da20255 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38082 – gpio: virtuser: fix potential out-of-bound write
https://notcve.org/view.php?id=CVE-2025-38082
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix potential out-of-bound write If the caller wrote more characters, count is truncated to the max available space in "simple_write_to_buffer". ... In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix potential out-of-bound write If the caller wrote more characters, count is truncated to the max available space in "simple_write_to_buffer". • https://git.kernel.org/stable/c/91581c4b3f29e2e22aeb1a62e842d529ca638b2d •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38081 – spi-rockchip: Fix register out of bounds access
https://notcve.org/view.php?id=CVE-2025-38081
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense. • https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38080 – drm/amd/display: Increase block_sequence array size
https://notcve.org/view.php?id=CVE-2025-38080
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asi... • https://git.kernel.org/stable/c/de67e80ab48f1f23663831007a2fa3c1471a7757 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38079 – crypto: algif_hash - fix double free in hash_accept
https://notcve.org/view.php?id=CVE-2025-38079
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. ... • https://git.kernel.org/stable/c/fe869cdb89c95d060c77eea20204d6c91f233b53 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38078 – ALSA: pcm: Fix race of buffer access at PCM OSS layer
https://notcve.org/view.php?id=CVE-2025-38078
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silen... • https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38077 – platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
https://notcve.org/view.php?id=CVE-2025-38077
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will b... • https://git.kernel.org/stable/c/e8a60aa7404bfef37705da5607c97737073ac38d •