CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38205 – drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1
https://notcve.org/view.php?id=CVE-2025-38205
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 [Why] If the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated then they can lead to a divide by zero in downstream callers like CalculateVMAndRowBytes() [How] Initialize dummy value to a value to avoid divide by zero. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1... • https://git.kernel.org/stable/c/7966f319c66d9468623c6a6a017ecbc0dd79be75 •
CVSS: 8.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38204 – jfs: fix array-index-out-of-bounds read in add_missing_indices
https://notcve.org/view.php?id=CVE-2025-38204
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails. Also make jfs_readdir return with error if add_missing_indices returns with an error. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but i... • https://git.kernel.org/stable/c/81af4b34fd72d390d7f237c6a545cc6d09707956 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38203 – jfs: Fix null-ptr-deref in jfs_ioc_trim
https://notcve.org/view.php?id=CVE-2025-38203
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f] CPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted 6.13.0-rc6-gfbfd64d25c7a-dirty #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Sched_ext: serialise (enabled+all), task: ru... • https://git.kernel.org/stable/c/b40c2e665cd552eae5fbdbb878bc29a34357668e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38202 – bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
https://notcve.org/view.php?id=CVE-2025-38202
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_lookup_percpu_elem() will not be inlined. Using it in a sleepable bpf program will trigger the warning in bpf_map_lookup_percpu_elem(), because the bpf program only holds rcu_read_lock_trace lock. Therefore, add the missed check. In the L... • https://git.kernel.org/stable/c/07343110b293456d30393e89b86c4dee1ac051c8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38201 – netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
https://notcve.org/view.php?id=CVE-2025-38201
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack: clamp maximum hashtable size to INT_MAX") In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is pos... • https://git.kernel.org/stable/c/3c4287f62044a90e73a561aa05fc46e62da173da •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38200 – i40e: fix MMIO write access to an invalid page in i40e_clear_hw
https://notcve.org/view.php?id=CVE-2025-38200
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables. In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer und... • https://git.kernel.org/stable/c/872607632c658d3739e4e7889e4f3c419ae2c193 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38199 – wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
https://notcve.org/view.php?id=CVE-2025-38199
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation rx_stats for each arsta is allocated when adding a station. arsta->rx_stats will be freed when a station is removed. Redundant allocations are occurring when the same station is added multiple times. This causes ath12k_mac_station_add() to be called multiple times, and rx_stats is allocated each time. As a result there is memory leaks. Prevent multiple allocations of rx_stats... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38198 – fbcon: Make sure modelist not set on unregistered console
https://notcve.org/view.php?id=CVE-2025-38198
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28 index -1 is out of range for type 'fb_info *[32]' ... fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122 fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048 fb_new_m... • https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38197 – platform/x86: dell_rbu: Fix list usage
https://notcve.org/view.php?id=CVE-2025-38197
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorrectly (because it starts at the wrong packet), and clearing the packet list will result in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the ... • https://git.kernel.org/stable/c/d19f359fbdc6b5d49e9b9a0db27a996b28a2ded3 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38196 – io_uring/rsrc: validate buffer count with offset for cloning
https://notcve.org/view.php?id=CVE-2025-38196
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: validate buffer count with offset for cloning syzbot reports that it can trigger a WARN_ON() for kmalloc() attempt that's too big: WARNING: CPU: 0 PID: 6488 at mm/slub.c:5024 __kvmalloc_node_noprof+0x520/0x640 mm/slub.c:5024 Modules linked in: CPU: 0 UID: 0 PID: 6488 Comm: syz-executor312 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05... • https://git.kernel.org/stable/c/b16e920a1909da6799c43000db730d8fcdcae907 •