CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38419 – remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
https://notcve.org/view.php?id=CVE-2025-38419
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() When rproc->state = RPROC_DETACHED and rproc_attach() is used to attach to the remote processor, if rproc_handle_resources() returns a failure, the resources allocated by imx_rproc_prepare() should be released, otherwise the following memory leak will occur. Since almost the same thing is done in imx_rproc_prepare() and rproc_resource_cleanup(... • https://git.kernel.org/stable/c/10a3d4079eaea06472f1981152e2840e7232ffa9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38418 – remoteproc: core: Release rproc->clean_table after rproc_attach() fails
https://notcve.org/view.php?id=CVE-2025-38418
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Release rproc->clean_table after rproc_attach() fails When rproc->state = RPROC_DETACHED is attached to remote processor through rproc_attach(), if rproc_handle_resources() returns failure, then the clean table should be released, otherwise the following memory leak will occur. unreferenced object 0xffff000086a99800 (size 1024): comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 0... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38416 – NFC: nci: uart: Set tty->disc_data only in success path
https://notcve.org/view.php?id=CVE-2025-38416
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded (broken hardware?). Close the window by exposing tty->disc_data only on the success path, when opening of the NCI device and try_module_get() succeeds. The code differs in error pa... • https://git.kernel.org/stable/c/9961127d4bce6325e9a0b0fb105e0c85a6c62cb7 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38415 – Squashfs: check return result of sb_min_blocksize
https://notcve.org/view.php?id=CVE-2025-38415
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000). Now if this ioctl occurs at the same time another process is in the process of mounting a Squashfs filesystem on /dev/loop0, the failure occurs. When this happens the following ... • https://git.kernel.org/stable/c/0aa666190509ffab81c202c5095a166be23961ac •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38414 – wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
https://notcve.org/view.php?id=CVE-2025-38414
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 GCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash on some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to register table to allow different definitions. Then correct the register address for WCN7850 to fix this issue. Note IPQ5332 is not affected as it is not PCIe based device. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38413 – virtio-net: xsk: rx: fix the frame's length check
https://notcve.org/view.php?id=CVE-2025-38413
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check When calling buf_to_xdp, the len argument is the frame data's length without virtio header's length (vi->hdr_len). We check that len with xsk_pool_get_rx_frame_size() + vi->hdr_len to ensure the provided len does not larger than the allocated chunk size. The additional vi->hdr_len is because in virtnet_add_recvbuf_xsk, we use part of XDP_PACKET_HEADROOM for virtio header and ask the vhost to... • https://git.kernel.org/stable/c/a4e7ba7027012f009f22a68bcfde670f9298d3a4 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38412 – platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
https://notcve.org/view.php?id=CVE-2025-38412
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content. • https://git.kernel.org/stable/c/e8a60aa7404bfef37705da5607c97737073ac38d •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38410 – drm/msm: Fix a fence leak in submit error path
https://notcve.org/view.php?id=CVE-2025-38410
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix a fence leak in submit error path In error paths, we could unref the submit without calling drm_sched_entity_push_job(), so msm_job_free() will never get called. Since drm_sched_job_cleanup() will NULL out the s_fence, we can use that to detect this case. Patchwork: https://patchwork.freedesktop.org/patch/653584/ • https://git.kernel.org/stable/c/5deab0fa6cfd0cd7def17598db15ceb84f950584 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38409 – drm/msm: Fix another leak in the submit error path
https://notcve.org/view.php?id=CVE-2025-38409
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.freedesktop.org/patch/653583/ • https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38408 – genirq/irq_sim: Initialize work context pointers properly
https://notcve.org/view.php?id=CVE-2025-38408
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: genirq/irq_sim: Initialize work context pointers properly Initialize `ops` member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulation work context. Otherwise the pointers contain random content leading to invalid dereferencing. • https://git.kernel.org/stable/c/19bd7597858dd15802c1d99fcc38e528f469080a •