CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38039 – net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
https://notcve.org/view.php?id=CVE-2025-38039
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more gracefully by returning `-EOPNOTSUPP` instead, while also providing a helpful user message. • https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38038 – cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost
https://notcve.org/view.php?id=CVE-2025-38038
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path in status_store(), which can lead to a deadlock. So, remove it. • https://git.kernel.org/stable/c/61e931ee145eeab8196e585ff4334870b130b744 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38037 – vxlan: Annotate FDB data races
https://notcve.org/view.php?id=CVE-2025-38037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit... • https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38036 – drm/xe/vf: Perform early GT MMIO initialization to read GMDID
https://notcve.org/view.php?id=CVE-2025-38036
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has it's MMIO members already setup. However, due to recent refactoring the gt->mmio is initialized later, and any attempt by the VF to use xe_mmio_read|write() from GuC functions will lead to NPD crash due to unset MMIO register address: [] xe 0000:00:02.1: ... • https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38035 – nvmet-tcp: don't restore null sk_state_change
https://notcve.org/view.php?id=CVE-2025-38035
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if the TCP connection isn't established when nvmet_tcp_set_queue_sock() is called then queue->state_change isn't set and sock->sk->sk_state_change isn't replaced. As such we don't need to restore sock->sk->sk_state_change if queue->state_change is NULL. This avoids NULL pointer dereferences such as this: [ 286.462026][ C0] BUG... • https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38034 – btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
https://notcve.org/view.php?id=CVE-2025-38034
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/k... • https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38033 – x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
https://notcve.org/view.php?id=CVE-2025-38033
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 Calling core::fmt::write() from rust code while FineIBT is enabled results in a kernel panic: [ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132! [ 4614.205343] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 4614.211781] CPU: 2 UID: 0 PID: 6057 Comm: dmabuf_dump Tainted: G U O 6.12.17-android16-0-g6ab38c534a43 #1 9da040f27673ec3945e23b998a0f8bd64c846599 [ 4614.22783... • https://git.kernel.org/stable/c/5a8d073d87da4ad1496b35adaee5719e94665d81 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38031 – padata: do not leak refcount in reorder_work
https://notcve.org/view.php?id=CVE-2025-38031
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented. Fix this by checking the return value of queue_work() and decrementing the refcount when necessary. Resolves: Unreferenced object 0xffff9d... • https://git.kernel.org/stable/c/f4f1b1169fc3694f9bc3e28c6c68dbbf4cc744c0 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2025-38029 – kasan: avoid sleepable page allocation from atomic context
https://notcve.org/view.php?id=CVE-2025-38029
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kasan: avoid sleepable page allocation from atomic context apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preem... • https://git.kernel.org/stable/c/3c5c3cfb9ef4da957e3357a2bd36f76ee34c0862 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38027 – regulator: max20086: fix invalid memory access
https://notcve.org/view.php?id=CVE-2025-38027
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc() to allocate a struct devm_of_regulator_matches which will be de-allocated using devm_of_regulator_put_matches(). struct devm_of_regulator_matches is populated ... • https://git.kernel.org/stable/c/bfff546aae50ae68ed395bf0e0848188d27b0ba3 •