CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38285 – bpf: Fix WARN() in get_bpf_raw_tp_regs
https://notcve.org/view.php?id=CVE-2025-38285
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:get_bpf_raw_... • https://git.kernel.org/stable/c/9594dc3c7e71b9f52bee1d7852eb3d4e3aea9e99 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38284 – wifi: rtw89: pci: configure manual DAC mode via PCI config API only
https://notcve.org/view.php?id=CVE-2025-38284
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also inaccessible via mmap, so only if the bit can be accessible via PCI config API, chip can support 36-bit DMA. Otherwise, fallback to 32-bit DMA. With NULL mmap address, kernel throws trace: BUG: unable to handle page f... • https://git.kernel.org/stable/c/1fd4b3fe52efd5ad1647966f619c10988e7a4457 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38283 – hisi_acc_vfio_pci: bugfix live migration function without VF device driver
https://notcve.org/view.php?id=CVE-2025-38283
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device data migration, the address of the migrated data will be NULL. The live migration recovery operation on the destination side will access a null address value, which will cause access errors. Therefore, live migration of VMs without added VF device drivers does not require device da... • https://git.kernel.org/stable/c/b0eed085903e7758532696d64397901a75bba8ba •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38282 – kernfs: Relax constraint in draining guard
https://notcve.org/view.php?id=CVE-2025-38282
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism but the active reference is not truly active after unbreak -- callers don't use it afterwards but it's important for proper pairing of kn->active counting. Assuming this mechanism is in place, the WARN check in kernfs_should_drain_open_files() is too sensitive -- it may transiently catch those (rightful) callers between kernfs_unbr... • https://git.kernel.org/stable/c/bdb2fd7fc56e197a63c0b0e7e07d25d5e20e7c72 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38281 – wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init
https://notcve.org/view.php?id=CVE-2025-38281
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init devm_kasprintf() can return a NULL pointer on failure,but this returned value in mt7996_thermal_init() is not checked. Add NULL check in mt7996_thermal_init(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init devm_kasprintf() can return a NULL pointer on failu... • https://git.kernel.org/stable/c/69d54ce7491d046eaae05de7fb2493319a481991 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38280 – bpf: Avoid __bpf_prog_ret0_warn when jit fails
https://notcve.org/view.php?id=CVE-2025-38280
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 __bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Modules linked in: CPU: 3 UID: 0 PID: 217 Comm: kworker/u32:6 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 RIP: 0010:__bpf_prog_ret0_warn+0xa/0x20 kernel/bpf/core.c:2357 Call Trace:
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38279 – bpf: Do not include stack ptr register in precision backtracking bookkeeping
https://notcve.org/view.php?id=CVE-2025-38279
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following warning appears in kernel dmesg: [ 60.643604] verifier backtracking bug [ 60.643635] WARNING: CPU: 10 PID: 2315 at kernel/bpf/verifier.c:4302 __mark_chain_precision+0x3a6c/0x3e10 [ 60.648428] Modules linked in: bpf_testmod(OE) [ 60.650471] CPU: 10 UID: 0 PID: 2315 Comm: test_progs Tainted: G OE 6.15.0-rc4-gef11287f... • https://git.kernel.org/stable/c/407958a0e980b9e1842ab87b5a1040521e1e24e9 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38278 – octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
https://notcve.org/view.php?id=CVE-2025-38278
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marking the node as 'Inner'. 2. During a system reboot, the interface receives TC_HTB_LEAF_DEL and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues. In the case of TC_HTB_LEAF_DEL_LAST, although the same send ... • https://git.kernel.org/stable/c/5e6808b4c68d7882971514ab3279926eb07c8b2d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38277 – mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
https://notcve.org/view.php?id=CVE-2025-38277
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined behavior and may cause unpredictable results in user space or kernel crashes. This scenario can be triggered in edge cases such as misconfigured geometry, ECC engine misuse, or if ctx->steps is not validated after ini... • https://git.kernel.org/stable/c/48e6633a9fa2400b53a964358753769f291a7eb0 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38275 – phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
https://notcve.org/view.php?id=CVE-2025-38275
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference. Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error point... • https://git.kernel.org/stable/c/a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd •