CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38027 – regulator: max20086: fix invalid memory access
https://notcve.org/view.php?id=CVE-2025-38027
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc() to allocate a struct devm_of_regulator_matches which will be de-allocated using devm_of_regulator_put_matches(). struct devm_of_regulator_matches is populated ... • https://git.kernel.org/stable/c/bfff546aae50ae68ed395bf0e0848188d27b0ba3 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38024 – RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
https://notcve.org/view.php?id=CVE-2025-38024
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38023 – nfs: handle failure of nfs_get_lock_context in unlock path
https://notcve.org/view.php?id=CVE-2025-38023
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context in nfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat an nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM) as valid and proceed to execute rpc_run_task(), this will trigger a NULL pointer dereference in nfs4_locku_prepare. For example: BUG: kernel NULL pointer dereference, addr... • https://git.kernel.org/stable/c/f30cb757f680f965ba8a2e53cb3588052a01aeb5 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38022 – RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
https://notcve.org/view.php?id=CVE-2025-38022
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 strlen+0x93/0xa0 lib/string.c:420 __fortify_strlen include/linux/fortify-string.h:268 [inline] get_kobj_path_lengt... • https://git.kernel.org/stable/c/779e0bf47632c609c59f527f9711ecd3214dccb0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38020 – net/mlx5e: Disable MACsec offload for uplink representor profile
https://notcve.org/view.php?id=CVE-2025-38020
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Disable MACsec offload for uplink representor profile MACsec offload is not supported in switchdev mode for uplink representors. When switching to the uplink representor profile, the MACsec offload feature must be cleared from the netdevice's features. If left enabled, attempts to add offloads result in a null pointer dereference, as the uplink representor does not support MACsec offload even though the feature bit remains set. C... • https://git.kernel.org/stable/c/8ff0ac5be1446920d71bdce5547f0d8476e280ff •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38018 – net/tls: fix kernel panic when alloc_page failed
https://notcve.org/view.php?id=CVE-2025-38018
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full... • https://git.kernel.org/stable/c/84c61fe1a75b4255df1e1e7c054c9e6d048da417 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38015 – dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
https://notcve.org/view.php?id=CVE-2025-38015
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not fre... • https://git.kernel.org/stable/c/a8563a33a5e26064061f2fb34215c97f0e2995f4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38014 – dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
https://notcve.org/view.php?id=CVE-2025-38014
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxd_cleanup() helper to avoid code duplication. Note, this also fixes the missing put_device() for idxd groups, enginces and wqs. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idx... • https://git.kernel.org/stable/c/bfe1d56091c1a404b3d4ce7e9809d745fc4453bb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38011 – drm/amdgpu: csa unmap use uninterruptible lock
https://notcve.org/view.php?id=CVE-2025-38011
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38009 – wifi: mt76: disable napi on driver removal
https://notcve.org/view.php?id=CVE-2025-38009
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO W... • https://git.kernel.org/stable/c/2ac515a5d74f26963362d5da9589c67ca3663338 •