CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38277 – mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
https://notcve.org/view.php?id=CVE-2025-38277
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined behavior and may cause unpredictable results in user space or kernel crashes. This scenario can be triggered in edge cases such as misconfigured geometry, ECC engine misuse, or if ctx->steps is not validated after ini... • https://git.kernel.org/stable/c/48e6633a9fa2400b53a964358753769f291a7eb0 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38275 – phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
https://notcve.org/view.php?id=CVE-2025-38275
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference. Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error point... • https://git.kernel.org/stable/c/a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38274 – fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
https://notcve.org/view.php?id=CVE-2025-38274
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference... • https://git.kernel.org/stable/c/ccbc1c302115d8125d6a96296ba52702c6de0ade •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38273 – net: tipc: fix refcount warning in tipc_aead_encrypt
https://notcve.org/view.php?id=CVE-2025-38273
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. ... • https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38272 – net: dsa: b53: do not enable EEE on bcm63xx
https://notcve.org/view.php?id=CVE-2025-38272
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/22256b0afb12333571ad11799fa68fd27e4f4e80 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38269 – btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
https://notcve.org/view.php?id=CVE-2025-38269
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling ext... • https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38268 – usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work
https://notcve.org/view.php?id=CVE-2025-38268
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to grab the tcpm_lock while the TCPM was holding the lock and attempting to unregister the altmode, blocking on the altmode driver's cancel_work_sync call. Because the state check isn't protected, there is a small w... • https://git.kernel.org/stable/c/cdc9946ea6377e8e214b135ccc308c5e514ba25f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38265 – serial: jsm: fix NPE during jsm_uart_port_init
https://notcve.org/view.php?id=CVE-2025-38265
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during jsm_uart_port_init No device was set which caused serial_base_ctrl_add to crash. BUG: kernel NULL pointer dereference, address: 0000000000000050 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 16 UID: 0 PID: 368 Comm: (udev-worker) Not tainted 6.12.25-amd64 #1 Debian 6.12.25-1 RIP: 0010:serial_base_ctrl_add+0x96/0x120 Call Trace:
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38264 – nvme-tcp: sanitize request list handling
https://notcve.org/view.php?id=CVE-2025-38264
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing. In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop ... • https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094848ebf4c6bae006 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38263 – bcache: fix NULL pointer in cache_set_flush()
https://notcve.org/view.php?id=CVE-2025-38263
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of register_cache_set(). 3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098. 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) 1795 { ... 1860 if (!(c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL)) || 1861 mempool_init... • https://git.kernel.org/stable/c/1f25f2d3fa29325320c19a30abf787e0bd5fc91b •