
CVSS: 8.2 EPSS: 0% CPEs: 9 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360 [ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784 [ 174.854059][ T9784] [ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: re... • https://git.kernel.org/stable/c/032f7ed6717a4cd3714f9801be39fdfc7f1c7644 •

CVSS: 5.5 EPSS: 0% CPEs: 9 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable of crashing by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================================== [ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10 [ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805 [ 667.124578][ T9805] [ 667.124876][ T9805] CPU: 3 UI... • https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f •

CVSS: 5.5 EPSS: 0% CPEs: 9 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool. • https://git.kernel.org/stable/c/bb0eea8e375677f586ad11c12e2525ed3fc698c2 •

CVSS: 5.5 EPSS: 0% CPEs: 7 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2_create_link() is called with ReplaceIfExists set and the name does exist then a deadlock will happen. ksmbd_vfs_kern_path_locked() will return with success and the parent directory will be locked. ksmbd_vfs_remove_file() will then remove the file. ksmbd_vfs_link() will then be called while the parent is still locked. It will try to lock the same parent and will deadlock. T... • https://git.kernel.org/stable/c/9d5012ffe14120f978ee34aef4df3d6cb026b7c4 •

CVSS: 7.2 EPSS: 0% CPEs: 4 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at: index = hash >> (32 - dip->i_depth); As calculated in an open-coded way in dir_make_exhash(), the minimum depth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is invalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time. So we can avoid the undefined be... • https://git.kernel.org/stable/c/53a0249d68a210c16e961b83adfa82f94ee0a53d •

CVSS: 5.5 EPSS: 0% CPEs: 5 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device block size and the block size stored in the superblock causing confusion in various places such as fs/buffer.c. The particular issue triggered by syzbot was a warning in __getblk_slow() due to requested buffer size not matching block ... • https://git.kernel.org/stable/c/ce8da5d13d8c2a7b30b2fb376a22e8eb1a70b8bb •

CVSS: 7.1 EPSS: 0% CPEs: 9 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they end up with the identical data once the writes are completed. In handling "superseeded" writes, we forgot a kref_get, resulting in a premature drbd_destroy_device and use after free, and further to kernel crashes... • https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a36ca79c2bca62e5 •

CVSS: 7.8 EPSS: 0% CPEs: 7 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size. • https://git.kernel.org/stable/c/bde58c1539f3ffddffc94d64007de16964e6b8eb •

CVSS: 5.5 EPSS: 0% CPEs: 8 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was creat... • https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7122882b4b60b1a0 •

CVSS: 5.5 EPSS: 0% CPEs: 4 EXPL: 0

04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer dereference. • https://git.kernel.org/stable/c/a83ffafd02a7af59848755c109d544e3894af737 •