CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38609 – PM / devfreq: Check governor before using governor->name
https://notcve.org/view.php?id=CVE-2025-38609
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But devfreq->governor may be NULL and directly using devfreq->governor->name may cause null pointer exception. Move the check of governor to before using governor->name. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/96ffcdf239de6f9970178bb7d643e16fd9e68ab9 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38608 – bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
https://notcve.org/view.php?id=CVE-2025-38608
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete ... • https://git.kernel.org/stable/c/d3b18ad31f93d0b6bae105c679018a1ba7daa9ca •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38607 – bpf: handle jset (if a & b ...) as a jump in CFG computation
https://notcve.org/view.php?id=CVE-2025-38607
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the following example: 1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit; W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (... • https://git.kernel.org/stable/c/14c8552db64476ffc27c13dc6652fc0dac31c0ba •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38606 – wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss
https://notcve.org/view.php?id=CVE-2025-38606
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar. However, after commit aa80f12f3bed ("wifi: ath12k: defer vdev creation for MLO"), arvif is linked to a radio only after vdev creation, typically when a channel is assigned or a scan is requested. For P2P capable ... • https://git.kernel.org/stable/c/aa80f12f3bedc2d73e4cc43554aee44c277cc938 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38605 – wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()
https://notcve.org/view.php?id=CVE-2025-38605
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could become NULL and that would trigger kernel panic. Since the caller ath12k_dp_tx() already has a valid ab pointer, pass it directly to avoid panic and unnecessary dereferencing. PC points to "ath12k_dp_tx+0x228/0x988 [ath12k]" LR point... • https://git.kernel.org/stable/c/e93bbd65547ea8073b707c9034c3f051f8018614 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38604 – wifi: rtl818x: Kill URBs before clearing tx status queue
https://notcve.org/view.php?id=CVE-2025-38604
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed skb due to anchor was not killed before freeing such skb. BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000... • https://git.kernel.org/stable/c/c1db52b9d27ee6e15a7136e67e4a21dc916cd07f •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38602 – iwlwifi: Add missing check for alloc_ordered_workqueue
https://notcve.org/view.php?id=CVE-2025-38602
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. • https://git.kernel.org/stable/c/b481de9ca074528fe8c429604e2777db8b89806a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38601 – wifi: ath11k: clear initialized flag for deinit-ed srng lists
https://notcve.org/view.php?id=CVE-2025-38601
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath11k_hal_dump_srng_stats() call Last interrupt received for each group: ath11k_pci 0000:01:00.0: group_id 0 22511ms before ath11k_pci 0000:01:00.0: group_id 1 14440788ms before [..] ath11k_pci 0000:01:00.0: failed to receive control resp... • https://git.kernel.org/stable/c/5118935b1bc28d0bce9427e584e11e905e68ee9a •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38599 – wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx()
https://notcve.org/view.php?id=CVE-2025-38599
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED • https://git.kernel.org/stable/c/3ce8acb86b6614b9f7af794f119f9627efe6b302 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38597 – drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port
https://notcve.org/view.php?id=CVE-2025-38597
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to find one designated as primary-plane and usable by that specific port. The code later wants to use drm_crtc_init_with_planes with that found primary plane, but nothing has checked so far if a primary plane was actually... • https://git.kernel.org/stable/c/604be85547ce4d61b89292d2f9a78c721b778c16 •