CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38336 – ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
https://notcve.org/view.php?id=CVE-2025-38336
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also prevent the system from booting. In this case, the system hangs when reading the ATIP from optical media with cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an Optiarc DVD RW AD-7200A 1.06 attached to an ASR... • https://git.kernel.org/stable/c/5955c7a2cfb6a35429adea5dc480002b15ca8cfc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38333 – f2fs: fix to bail out in get_new_segment()
https://notcve.org/view.php?id=CVE-2025-38333
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in get_new_segment() ------------[ cut here ]------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc pc : new_curseg+0x5e8/0x6dc Call trace: new_curseg+0x5e8/0x6dc f2fs_allocate_data_block+0xa54/0xe28 do_write_page+0x6c/0x194 f2fs_do_write_node_page+0x38/0x78 __write_node_page+0x248/0x6d4 f2fs_sync_node_pages+0x524/0x72c f2fs_write_checkpoint+0x4bc/0x9b0 __checkpoint_and_complete_reqs+0x8... • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38328 – jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
https://notcve.org/view.php?id=CVE-2025-38328
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Fuzzing hit another invalid pointer dereference due to the lack of checking whether jffs2_prealloc_raw_node_refs() completed successfully. Subsequent logic implies that the node refs have been allocated. Handle that. The code is ready for propagating the error upwards. KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 PID: 5835 Comm: syz-execu... • https://git.kernel.org/stable/c/2f785402f39b96a077b6e62bf26164bfb8e0c980 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38323 – net: atm: add lec_mutex
https://notcve.org/view.php?id=CVE-2025-38323
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach() and lec_mcast_attach(). Following patch will use this mutex for /proc/net/atm/lec. BUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline] BUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 ne... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38312 – fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
https://notcve.org/view.php?id=CVE-2025-38312
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fb_cvt_hperiod(), where it's used as a divider -- division by 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to avoid such overflow... Found by Linux Verification Center (linuxtesting.org) with the S... • https://git.kernel.org/stable/c/96fe6a2109db29cd15b90a093c16e6cb4b19371a •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38286 – pinctrl: at91: Fix possible out-of-boundary access
https://notcve.org/view.php?id=CVE-2025-38286
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible out-of-boundary access at91_gpio_probe() doesn't check that given OF alias is not available or something went wrong when trying to get it. This might have consequences when accessing gpio_chips array with that value as an index. Note, that BUG() can be compiled out and hence won't actually perform the required checks. In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91: Fix possible ... • https://git.kernel.org/stable/c/6732ae5cb47c4f9a72727585956f2a5e069d1637 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38263 – bcache: fix NULL pointer in cache_set_flush()
https://notcve.org/view.php?id=CVE-2025-38263
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of register_cache_set(). 3. register_cache_set() will call bch_cache_set_alloc() in LINE#2098. 1794 struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) 1795 { ... 1860 if (!(c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL)) || 1861 mempool_init... • https://git.kernel.org/stable/c/cafe563591446cf80bfbc2fe3bc72a2e36cf1060 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38262 – tty: serial: uartlite: register uart driver in init
https://notcve.org/view.php?id=CVE-2025-38262
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to 'uart_state' member of uart_driver structure, the other instance can bypass uart driver registration and call ulite_assign. This calls uart_add_one_port, which expects the uart driver to be fully initialized. This leads... • https://git.kernel.org/stable/c/238b8721a554a33a451a3f13bdb5be8fe5cfc927 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38250 – Bluetooth: hci_core: Fix use-after-free in vhci_flush()
https://notcve.org/view.php?id=CVE-2025-38250
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being used by iotcl() on another thread. Once the last fd refcnt is released, vhci_release() calls hci_unregister_dev(), hci_free_dev(), and kfree() for struct vhci_data, which is set to hci_dev->dev->driver_data. The problem is that there is n... • https://git.kernel.org/stable/c/bf18c7118cf83ad4b9aa476354b4a06bcb9d0c4f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38245 – atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
https://notcve.org/view.php?id=CVE-2025-38245
09 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplicated device by __atm_dev_lookup(). These operations are done under atm_dev_mutex. However, when removing a device in atm_dev_deregister(), it releases the mutex just after removing the device from the list that __atm_... • https://git.kernel.org/stable/c/64bf69ddff7637b7ed7acf9b2a823cc0ee519439 •