CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2025-38629 – ALSA: usb: scarlett2: Fix missing NULL check
https://notcve.org/view.php?id=CVE-2025-38629
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it misses NULL checks, which may lead to NULL dereference Oops. Let's add the proper NULL check. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fix missing NULL check scarlett2_input_select_ctl_info() sets up the string arrays allocated via kasprintf(), but it miss... • https://git.kernel.org/stable/c/8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 •
CVSS: 6.6EPSS: %CPEs: 4EXPL: 0CVE-2025-38628 – vdpa/mlx5: Fix release of uninitialized resources on error path
https://notcve.org/view.php?id=CVE-2025-38628
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in mlx5_vdpa_dev_add(), even in the cleanup path of mlx5_vdpa_dev_add(). This means that all functions from mlx5_vdpa_free() should be able to handle uninitialized resources. This was not the case though: mlx5_vdpa_destroy_mr_resources() and mlx5_cmd... • https://git.kernel.org/stable/c/83e445e64f48bdae3f25013e788fcf592f142576 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-38627 – f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
https://notcve.org/view.php?id=CVE-2025-38627
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not been executed yet due to high workloads, It is possible that the inode(f2fs_inode_info) is evicted and freed before it is used f2fs_free_dic. The UAF case as below: Thread A Thread B - f2fs_decompress_end_io - ... • https://git.kernel.org/stable/c/bff139b49d9f70c1ac5384aac94554846aa834de •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2025-38626 – f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
https://notcve.org/view.php?id=CVE-2025-38626
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:
CVSS: 5.6EPSS: %CPEs: 5EXPL: 0CVE-2025-38625 – vfio/pds: Fix missing detach_ioas op
https://notcve.org/view.php?id=CVE-2025-38625
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following WARN_ON() trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfio_main.c:317 __vfio_register_dev+0x130/0x140 [vfio] <...> pds_vfio_pci 0000:08:00.1: probe with driver pds_vfio_pci failed with error -22 This is because the driver's vfio_device_ops.detach_ioas isn't set. Fix this by using th... • https://git.kernel.org/stable/c/38fe3975b4c2c5eeefb543e09f9620da18b0d069 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38624 – PCI: pnv_php: Clean up allocated IRQs on unplug
https://notcve.org/view.php?id=CVE-2025-38624
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices(). Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only... • https://git.kernel.org/stable/c/398170b7fd0e0db2f8096df5206c75e5ff41415a •
CVSS: 6.6EPSS: %CPEs: 6EXPL: 0CVE-2025-38623 – PCI: pnv_php: Fix surprise plug detection and recovery
https://notcve.org/view.php?id=CVE-2025-38623
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from ... • https://git.kernel.org/stable/c/473999ba937eac9776be791deed7c84a21d7880b •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-38622 – net: drop UFO packets in udp_rcv_segment()
https://notcve.org/view.php?id=CVE-2025-38622
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:4572! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary) Hardware name: QEMU Standard ... • https://git.kernel.org/stable/c/cf329aa42b6659204fee865bbce0ea20462552eb •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2025-38621 – md: make rdev_addable usable for rcu mode
https://notcve.org/view.php?id=CVE-2025-38621
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94 PREEMPT(none) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Workqueue: md_misc md_start_sync RIP: 0010:rdev_addable+0x4d/0xf0 ... Call Trace:
CVSS: 6.2EPSS: %CPEs: 4EXPL: 0CVE-2025-38619 – media: ti: j721e-csi2rx: fix list_del corruption
https://notcve.org/view.php?id=CVE-2025-38619
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: fix list_del corruption If ti_csi2rx_start_dma() fails in ti_csi2rx_dma_callback(), the buffer is marked done with VB2_BUF_STATE_ERROR but is not removed from the DMA queue. This causes the same buffer to be retried in the next iteration, resulting in a double list_del() and eventual list corruption. Fix this by removing the buffer from the queue before calling vb2_buffer_done() on error. This resolves a crash due t... • https://git.kernel.org/stable/c/b4a3d877dc92963a4db16ddb71df3d333c0d40bd •