CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38407 – riscv: cpu_ops_sbi: Use static array for boot_data
https://notcve.org/view.php?id=CVE-2025-38407
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: cpu_ops_sbi: Use static array for boot_data Since commit 6b9f29b81b15 ("riscv: Enable pcpu page first chunk allocator"), if NUMA is enabled, the page percpu allocator may be used on very sparse configurations, or when requested on boot with percpu_alloc=page. In that case, percpu data gets put in the vmalloc area. However, sbi_hsm_hart_start() needs the physical address of a sbi_hart_boot_data, and simply assumes that __pa() would wo... • https://git.kernel.org/stable/c/6b9f29b81b155af023da95f560f738f29722b306 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38406 – wifi: ath6kl: remove WARN on bad firmware input
https://notcve.org/view.php?id=CVE-2025-38406
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, print the sizes too. • https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38405 – nvmet: fix memory leak of bio integrity
https://notcve.org/view.php?id=CVE-2025-38405
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 ("block: don't call bio_uninit from bio_endio") each user of bio_init has to use bio_uninit as well. Otherwise the bio integrity is not getting free. Nvmet uses bio_init for inline bios. Uninit the inline bio to complete deallocation of integrity... • https://git.kernel.org/stable/c/bf4c89fc8797f5c0964a0c3d561fbe7e8483b62f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38404 – usb: typec: displayport: Fix potential deadlock
https://notcve.org/view.php?id=CVE-2025-38404
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows: 1. cros_typec_altmode_work() acquires the mutex 2. typec_altmode_vdm() -> dp_altmode_vdm() -> 3. typec_altmode_exit() -> cros_typec_altmode_exit() 4. cros_typec_altmode_exit() attempts to acquire the mutex again To prevent this, defer the `typec_altmode_exit()` call by ... • https://git.kernel.org/stable/c/8e8a69b1f8c59f0505f8a1c0fb77191f27b75011 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38403 – vsock/vmci: Clear the vmci transport packet properly when initializing it
https://notcve.org/view.php?id=CVE-2025-38403
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure. • https://git.kernel.org/stable/c/d021c344051af91f42c5ba9fdedc176740cbd238 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38402 – idpf: return 0 size for RSS key if not supported
https://notcve.org/view.php?id=CVE-2025-38402
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: ethtool -x eth0 It is visible on all devices that don't have RSS caps set. [ 136.615917] Call Trace: [ 136.615921]
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38401 – mtk-sd: Prevent memory corruption from DMA map failure
https://notcve.org/view.php?id=CVE-2025-38401
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA region, the request is not prepared for data receiving, but msdc_start_data() proceeds the DMA with previous setting. Since this will lead a memory corruption, we have to stop the request operation soon after the msdc_prepare_data() fails to prepare it. • https://git.kernel.org/stable/c/208489032bdd8d4a7de50f3057c175058f271956 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38400 – nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
https://notcve.org/view.php?id=CVE-2025-38400
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection in nfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed. Later, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning is logged as the directory is not empty. Let's handle the error of nfs_fs_proc_net_init() properly. [0]: FAULT_INJECTION: forcing a failure. na... • https://git.kernel.org/stable/c/31dd0cda5aa0547de447aaf184812f85ccc34044 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38399 – scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
https://notcve.org/view.php?id=CVE-2025-38399
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve pointer, which may be NULL. This can lead to a NULL pointer dereference if dest_se_deve remains unset. SPC-3 PR SPEC_I_PT: Unable to locate dest_tpg Unable to handle kernel paging request at virtual address dfff8000... • https://git.kernel.org/stable/c/70ddb8133fdb512d4b1f2b4fd1c9e518514f182c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38396 – fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
https://notcve.org/view.php?id=CVE-2025-38396
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the current pattern of calling alloc_anon_inode() followed by inode_init_security_anon() for creating security context manually. This change also fixes a security regression in secretmem where the S_PRIVATE flag was not cleared after alloc... • https://git.kernel.org/stable/c/2bfe15c5261212130f1a71f32a300bcf426443d4 •