CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38403 – vsock/vmci: Clear the vmci transport packet properly when initializing it
https://notcve.org/view.php?id=CVE-2025-38403
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock/vmci: borre el paquete de transporte vmci correctamente al inicializarlo. En vmci_transport_packet_init, configure el vmci_transport_packet ante... • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38401 – mtk-sd: Prevent memory corruption from DMA map failure
https://notcve.org/view.php?id=CVE-2025-38401
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA region, the request is not prepared for data receiving, but msdc_start_data() proceeds the DMA with previous setting. Since this will lead a memory corruption, we have to stop the request operation soon after the msdc_prepare_data() fails to prepare it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtk-sd: Prevenir la corr... • https://git.kernel.org/stable/c/208489032bdd8d4a7de50f3057c175058f271956 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38399 – scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
https://notcve.org/view.php?id=CVE-2025-38399
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be NULL. This can lead to a NULL pointer dereference if dest_se_deve remains unset. SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg Unable to handle kernel paging request at virtual address dfff8000... • https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd1c9e518514f182c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38391 – usb: typec: altmodes/displayport: do not index invalid pin_assignments
https://notcve.org/view.php?id=CVE-2025-38391
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access. Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_A... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38386 – ACPICA: Refuse to evaluate a method if arguments are missing
https://notcve.org/view.php?id=CVE-2025-38386
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free. Since this a result of a clear AML issue that arguably cannot be fixed up by the interpreter (it cannot produce missing data out of thin air), address it by making ACPICA refuse to evaluate a me... • https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38384 – mtd: spinand: fix memory leak of ECC engine conf
https://notcve.org/view.php?id=CVE-2025-38384
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace (crc 0): kmemleak_alloc+0x30/0x40 __kmalloc_cache_noprof+0x208/0x3c0 spinand_ondie_ecc_init_ctx+0x114... • https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38377 – rose: fix dangling neighbour pointers in rose_rt_device_down()
https://notcve.org/view.php?id=CVE-2025-38377
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rose_rt_device_down() There are two bugs in rose_rt_device_down() that can cause use-after-free: 1. The loop bound `t->count` is modified within the loop, which can cause the loop to terminate early and miss some entries. 2. When removing an entry from the neighbour array, the subsequent entries are moved up to fill the gap, but the loop index `i` is still incremented, causing the next entry to be sk... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38375 – virtio-net: ensure the received length does not exceed allocated size
https://notcve.org/view.php?id=CVE-2025-38375
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio-net: garantizar que la longitud recibida no supere el tamaño asignado. En xdp_linea... • https://git.kernel.org/stable/c/4941d472bf95b4345d6e38906fcf354e74afa311 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38371 – drm/v3d: Disable interrupts before resetting the GPU
https://notcve.org/view.php?id=CVE-2025-38371
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace: [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 314.043822] Mem abort info: [ 314.046606] ESR = 0x0000000096000005 [ 314.050347] EC = 0x25: DABT (current EL), IL =... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38361 – drm/amd/display: Check dce_hwseq before dereferencing it
https://notcve.org/view.php?id=CVE-2025-38361
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. (cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Comprobar dce_hwseq antes de desreferenciarlo [WHAT] hws se verificó para nulo anteriormente en dce... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •