CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38293 – wifi: ath11k: fix node corruption in ar->arvifs list
https://notcve.org/view.php?id=CVE-2025-38293
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath11k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the list head "arvifs", but the next of the list head "arvifs" no longer points to that list node. When a WLAN recovery occurs during the execution o... • https://git.kernel.org/stable/c/d5c65159f2895379e11ca13f62feabe93278985d •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38292 – wifi: ath12k: fix invalid access to memory
https://notcve.org/view.php?id=CVE-2025-38292
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error. Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used. Compile tested o... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38290 – wifi: ath12k: fix node corruption in ar->arvifs list
https://notcve.org/view.php?id=CVE-2025-38290
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix node corruption in ar->arvifs list In current WLAN recovery code flow, ath12k_core_halt() only reinitializes the "arvifs" list head. This will cause the list node immediately following the list head to become an invalid list node. Because the prev of that node still points to the list head "arvifs", but the next of the list head "arvifs" no longer points to that list node. When a WLAN recovery occurs during the execution o... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38286 – pinctrl: at91: Fix possible out-of-boundary access
https://notcve.org/view.php?id=CVE-2025-38286
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index. Note, that BUG() can be compiled out and hence won't actually perform the required checks. In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible ... • https://git.kernel.org/stable/c/6732ae5cb47c4f9a72727585956f2a5e069d1637 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38285 – bpf: Fix WARN() in get_bpf_raw_tp_regs
https://notcve.org/view.php?id=CVE-2025-38285
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:get_bpf_raw_... • https://git.kernel.org/stable/c/9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38283 – hisi_acc_vfio_pci: bugfix live migration function without VF device driver
https://notcve.org/view.php?id=CVE-2025-38283
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device data migration, the address of the migrated data will be NULL. The live migration recovery operation on the destination side will access a null address value, which will cause access errors. Therefore, live migration of VMs without added VF device drivers does not require device da... • https://git.kernel.org/stable/c/b0eed085903e7758532696d64397901a75bba8ba •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38282 – kernfs: Relax constraint in draining guard
https://notcve.org/view.php?id=CVE-2025-38282
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for proper pairing of kn->active counting. Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive -- it may transiently catch those (rightful) callers between kernfs_unbr... • https://git.kernel.org/stable/c/bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38280 – bpf: Avoid __bpf_prog_ret0_warn when jit fails
https://notcve.org/view.php?id=CVE-2025-38280
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38279 – bpf: Do not include stack ptr register in precision backtracking bookkeeping
https://notcve.org/view.php?id=CVE-2025-38279
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10 [ 60.648428] Modules linked in: bpf_testmod(OE) [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f... • https://git.kernel.org/stable/c/407958a0e980b9e1842ab87b5a1040521e1e24e9 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38278 – octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
https://notcve.org/view.php?id=CVE-2025-38278
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marking the node as 'Inner'. 2. During a system reboot, the interface receives TC_HTB_LEAF_DEL and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues. In the case of TC_HTB_LEAF_DEL_LAST, although the same send ... • https://git.kernel.org/stable/c/5e6808b4c68d7882971514ab3279926eb07c8b2d •