CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38546 – atm: clip: Fix memory leak of struct clip_vcc.
https://notcve.org/view.php?id=CVE-2025-38546
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atm... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38545 – net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info
https://notcve.org/view.php?id=CVE-2025-38545
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info While transitioning from netdev_alloc_ip_align() to build_skb(), memory for the "skb_shared_info" member of an "skb" was not allocated. Fix this by allocating "PAGE_SIZE" as the skb length, accounting for the packet length, headroom and tailroom, thereby including the required memory space for skb_shared_info. In the Linux kernel, the following vulnerability h... • https://git.kernel.org/stable/c/8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38544 – rxrpc: Fix bug due to prealloc collision
https://notcve.org/view.php?id=CVE-2025-38544
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and sendmsg() together. The preallocated call IDs will automatically be attached to calls as they come in until the pool is empty. To the kernel, the call IDs are just arbitrary numbers, but userspace can use the call ID to hold a pointer... • https://git.kernel.org/stable/c/00e907127e6f86d0f9b122d9b4347a8aa09a8b61 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38543 – drm/tegra: nvdec: Fix dma_alloc_coherent error check
https://notcve.org/view.php?id=CVE-2025-38543
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'. In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'. • https://git.kernel.org/stable/c/46f226c93d35b936aeec6eb31da932dc2e86f413 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38542 – net: appletalk: Fix device refcount leak in atrtr_create()
https://notcve.org/view.php?id=CVE-2025-38542
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create() When updating an existing route entry in atrtr_create(), the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix this by calling dev_put() to release the old device reference before holding the new one. In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_... • https://git.kernel.org/stable/c/c7f905f0f6d49ed8c1aa4566c31f0383a0ba0c9d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38541 – wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
https://notcve.org/view.php?id=CVE-2025-38541
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error.... • https://git.kernel.org/stable/c/396e41a74a88654f23e36c46d2995752c91654a5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38540 – HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
https://notcve.org/view.php?id=CVE-2025-38540
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should n... • https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38539 – tracing: Add down_write(trace_event_sem) when adding trace event
https://notcve.org/view.php?id=CVE-2025-38539
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values. If two modules are loaded at the same time, the adding of the event to the ftrace_events list can corrupt the walking of the list in the code that is modifying the printk format strings and crash the kernel. T... • https://git.kernel.org/stable/c/110bf2b764eb6026b868d84499263cb24b1bcc8d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38538 – dmaengine: nbpfaxi: Fix memory corruption in probe()
https://notcve.org/view.php?id=CVE-2025-38538
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory. The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so t... • https://git.kernel.org/stable/c/b45b262cefd5b8eb2ba88d20e5bd295881293894 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38537 – net: phy: Don't register LEDs for genphy
https://notcve.org/view.php?id=CVE-2025-38537
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock: rtnl_lock... • https://git.kernel.org/stable/c/01e5b728e9e43ae444e0369695a5f72209906464 •