CVSS: 8.2 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2025-38714 – hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
https://notcve.org/view.php?id=CVE-2025-38714
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
The hfsplus_bnode_read() method can trigger the issue:
[ 174.852007][ T9784] ==================================================================
[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360
[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784
[ 174.854059][ T9784]
[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: re...
https://git.kernel.org/stable/c/032f7ed6717a4cd3714f9801be39fdfc7f1c7644

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2025-38713 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-38713
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc():
[ 667.121659][ T9805] ==================================================================
[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10
[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805
[ 667.124578][ T9805]
[ 667.124876][ T9805] CPU: 3 UI...
https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2025-38712 – hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
https://notcve.org/view.php?id=CVE-2025-38712
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool.
https://git.kernel.org/stable/c/bb0eea8e375677f586ad11c12e2525ed3fc698c2

CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2025-38710 – gfs2: Validate i_depth for exhash directories
https://notcve.org/view.php?id=CVE-2025-38710
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories
A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at:
    index = hash >> (32 - dip->i_depth);
As calculated in an open-coded way in dir_make_exhash(), the minimum depth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is invalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time. So we can avoid the undefined be...
https://git.kernel.org/stable/c/53a0249d68a210c16e961b83adfa82f94ee0a53d

CVSS: 7.0 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2025-38709 – loop: Avoid updating block size under exclusive owner
https://notcve.org/view.php?id=CVE-2025-38709
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner
Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the block size stored in the superblock causing confusion in various places such as fs/buffer.c. The particular issue triggered by syzbot was a warning in __getblk_slow() due to requested buffer size not matching block ...
https://git.kernel.org/stable/c/457d2c5e112fd08dc1039b1ae39a83ec1782360d

CVSS: 7.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2025-38708 – drbd: add missing kref_get in handle_write_conflicts
https://notcve.org/view.php?id=CVE-2025-38708
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts
With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed. In handling "superseeded" writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes...
https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a36ca79c2bca62e5

CVSS: 5.5 • EPSS: 0% • CPEs: 8 • EXPL: 0
CVE-2025-38706 – ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
https://notcve.org/view.php?id=CVE-2025-38706
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will lead to null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was creat...
https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7122882b4b60b1a0

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2025-38705 – drm/amd/pm: fix null pointer access
https://notcve.org/view.php?id=CVE-2025-38705
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access
Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference.
https://git.kernel.org/stable/c/a83ffafd02a7af59848755c109d544e3894af737

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2025-38704 – rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
https://notcve.org/view.php?id=CVE-2025-38704
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
In the preparation stage of CPU online, if the corresponding the rdp's->nocb_cb_kthread does not exist, will be created, there is a situation where the rdp's rcuop kthreads creation fails, and then de-offload this CPU's rdp, does not assign this CPU's rdp->nocb_cb_kthread pointer, but this rdp's->nocb_gp_rdp and rdp's->rdp_gp->nocb_gp_kthread is still valid. This will caus...
https://git.kernel.org/stable/c/cce3d027227c69e85896af9fbc6fa9af5c68f067

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2025-38702 – fbdev: fix potential buffer overflow in do_register_framebuffer()
https://notcve.org/view.php?id=CVE-2025-38702
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer()
The current implementation may lead to buffer overflow when:
1. Unregistration creates NULL gaps in registered_fb[]
2. All array slots become occupied despite num_registered_fb < FB_MAX
3. The registration loop exceeds array bounds
Add boundary check to prevent registered_fb[FB_MAX] access.
https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961
