CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38157 – wifi: ath9k_htc: Abort software beacon handling if disabled
https://notcve.org/view.php?id=CVE-2025-38157
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read. Prevent this by aborting the handling in ath9k_htc_swba() if beacons are not enabled. In the Linux kernel, the following vulnerability has been resolved: wif... • https://git.kernel.org/stable/c/832f6a18fc2aead14954c081ece03b7a5b425f81 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38153 – net: usb: aqc111: fix error handling of usbnet read calls
https://notcve.org/view.php?id=CVE-2025-38153
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This problem is quite similar to the one fixed in commit 920a9fa27e78 ("net: asix: add proper error handling of usb read errors"). For instance, usbnet_read_cmd() may read fewer than 'size' bytes, even if the caller expected the full amount... • https://git.kernel.org/stable/c/df2d59a2ab6c9ceac2c4104272fce03493b8f62f •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38147 – calipso: Don't call calipso functions for AF_INET sk.
https://notcve.org/view.php?id=CVE-2025-38147
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never happens for IPv6 sockets as inet_sk(sk)->pinet6 is always set in inet6_create(), meaning the socket was not IPv6 one. The root cause is missing validation in netlbl_conn_setattr(). netlbl_conn_setattr() switche... • https://git.kernel.org/stable/c/ceba1832b1b2da0149c51de62a847c00bca1677a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38145 – soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
https://notcve.org/view.php?id=CVE-2025-38145
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() devm_kasprintf() returns NULL when memory allocation fails. Currently, aspeed_lpc_enable_snoop() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. [arj: Fix Fixes: tag to use subject from 3772e5da4454] In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: Add NULL check in ... • https://git.kernel.org/stable/c/3772e5da445420543b25825ac2b5971f3743f6e8 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38143 – backlight: pm8941: Add NULL check in wled_configure()
https://notcve.org/view.php?id=CVE-2025-38143
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory allocation fails. Currently, wled_configure() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add NULL check in wled_configure() devm_kasprintf() returns NULL when memory al... • https://git.kernel.org/stable/c/f86b77583d88c8402e8d89a339d96f847318f8a8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38136 – usb: renesas_usbhs: Reorder clock handling and power management in probe
https://notcve.org/view.php?id=CVE-2025-38136
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks. Currently, in the probe path, registers are accessed before enabling the clocks, leading to a synchronous external abort on the RZ/V2H SoC. The problematic call flow is as follows: usbhs_probe() usbhs_sys_cloc... • https://git.kernel.org/stable/c/f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38129 – page_pool: Fix use-after-free in page_pool_recycle_in_ring
https://notcve.org/view.php?id=CVE-2025-38129
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 ... • https://git.kernel.org/stable/c/ff7d6b27f894f1469dc51ccb828b7363ccd9799f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38126 – net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
https://notcve.org/view.php?id=CVE-2025-38126
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clk_ptp_rate value after having retrieved the default one from the device-tree can end up with 0 in clk_ptp_rate (as clk_get_rate can return 0). It will eventually propagate up to PTP initialization when bringing up the interface, leading to a divide by 0: Division by zero in kernel. CPU: 1 UID: 0 PID: 1 Comm: ... • https://git.kernel.org/stable/c/19d857c9038e5c07db8f8cc02b5ad0cd0098714f •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38119 – scsi: core: ufs: Fix a hang in the error handler
https://notcve.org/view.php?id=CVE-2025-38119
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this hang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has been called instead of before. Backtrace: ... • https://git.kernel.org/stable/c/62694735ca95c74dac4eb9068d59801ac0ddebaf •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38117 – Bluetooth: MGMT: Protect mgmt_pending list with its own lock
https://notcve.org/view.php?id=CVE-2025-38117
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ================================================================== BUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318 CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15... • https://git.kernel.org/stable/c/a380b6cff1a2d2139772e88219d08330f84d0381 •