CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38393 – NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
https://notcve.org/view.php?id=CVE-2025-38393
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count was zero. It seems most likely that this is another race between the waiter and waker similar to commit ed0172af5d6f ("SUNRPC: Fix a race to wake a sync task"). Fix it up by applying... • https://git.kernel.org/stable/c/8acc3e228e1c90bd410f73597a4549e0409f22d6 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38391 – usb: typec: altmodes/displayport: do not index invalid pin_assignments
https://notcve.org/view.php?id=CVE-2025-38391
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access. Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_A... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38389 – drm/i915/gt: Fix timeline left held on VMA alloc error
https://notcve.org/view.php?id=CVE-2025-38389
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: <4> [239.330153] ------------[ cut here ]------------ <4> [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count) <4> [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915] ... ... • https://git.kernel.org/stable/c/75d0a7f31eec8ec4a53b4485905800e09dc5091f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38387 – RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
https://notcve.org/view.php?id=CVE-2025-38387
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced) mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056 mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0 mlx5_core.sf mlx5_... • https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38386 – ACPICA: Refuse to evaluate a method if arguments are missing
https://notcve.org/view.php?id=CVE-2025-38386
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free. Since this a result of a clear AML issue that arguably cannot be fixed up by the interpreter (it cannot produce missing data out of thin air), address it by making ACPICA refuse to evaluate a me... • https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38385 – net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
https://notcve.org/view.php?id=CVE-2025-38385
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB device disconnect: WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350 This happens because netif_napi_del() is called in the disconnect path while NAPI is still enabled. However, it is not necessary to call netif_napi_... • https://git.kernel.org/stable/c/ec4c7e12396b1a30fbacfa68425118f5b46ea878 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38384 – mtd: spinand: fix memory leak of ECC engine conf
https://notcve.org/view.php?id=CVE-2025-38384
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace (crc 0): kmemleak_alloc+0x30/0x40 __kmalloc_cache_noprof+0x208/0x3c0 spinand_ondie_ecc_init_ctx+0x114... • https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38382 – btrfs: fix iteration of extrefs during log replay
https://notcve.org/view.php?id=CVE-2025-38382
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victim_name.len was not initialized to the length of the name of the current extref. Fix this by initializing victim_name.len with th... • https://git.kernel.org/stable/c/1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38380 – i2c/designware: Fix an initialization issue
https://notcve.org/view.php?id=CVE-2025-38380
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c/designware: Fix an initialization issue The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the dev context to be initialized. amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. This could allow an out of bounds access (of msgs). Initialize msg_write_idx before calling i2c_dw_xfer_init(). • https://git.kernel.org/stable/c/17631e8ca2d3421090e54b39d9a1402091019ba1 •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38379 – smb: client: fix warning when reconnecting channel
https://notcve.org/view.php?id=CVE-2025-38379
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2_reconnect_server(), a dummy tcon is passed down to smb2_reconnect() with ->query_interface uninitialized, so we can't call queue_delayed_work() on it. Fix the following warning by ensuring that we're queueing the delayed worker from correct tcon. WARNING: CPU: 4 PID: 1126 at kernel/workqueue.c:2498 __queue_delayed_work+0x1d2/0x200 Modules linked in: cifs ... • https://git.kernel.org/stable/c/202d7e838967dda02855cd925db7fd8c52c56af7 •