CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38579 – f2fs: fix KMSAN uninit-value in extent_info usage
https://notcve.org/view.php?id=CVE-2025-38579
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during ext... • https://git.kernel.org/stable/c/94afd6d6e5253179c9b891d02081cc8355a11768 •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38578 – f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
https://notcve.org/view.php?id=CVE-2025-38578
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkalle... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38577 – f2fs: fix to avoid panic in f2fs_evict_inode
https://notcve.org/view.php?id=CVE-2025-38577
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff88812d96227... • https://git.kernel.org/stable/c/0f18b462b2e5aff64b8638e8a47284b907351ef3 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38576 – powerpc/eeh: Make EEH driver device hotplug safe
https://notcve.org/view.php?id=CVE-2025-38576
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38574 – pptp: ensure minimal skb length in pptp_xmit()
https://notcve.org/view.php?id=CVE-2025-38574
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot. BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [i... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38572 – ipv6: reject malicious packets in ipv6_gso_segment()
https://notcve.org/view.php?id=CVE-2025-38572
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_transport_header_careful() helper and use it from ipv6_gso_segment() WARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline] WARNING: CPU: 0 PID: 5871 ... • https://git.kernel.org/stable/c/d1da932ed4ecad2a14cbcc01ed589d617d0f0f09 •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38571 – sunrpc: fix client side handling of tls alerts
https://notcve.org/view.php?id=CVE-2025-38571
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it w... • https://git.kernel.org/stable/c/dea034b963c8901bdcc3d3880c04f0d75c95112f •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38569 – benet: fix BUG when creating VFs
https://notcve.org/view.php?id=CVE-2025-38569
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 4 UID: 0 PID: 7408 Comm: test.sh Kdump: loaded Not tainted 6.16.0+ #1 PREEMPT(voluntary) [...] RIP: 0010:vunmap+0x5f/0x70 [...] Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38568 – net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing
https://notcve.org/view.php?id=CVE-2025-38568
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in the fp[] array, which only has room for 16 elements (0–15). Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1. In the Linux kernel, the following vulnerability has... • https://git.kernel.org/stable/c/f62af20bed2d9e824f51cfc97ff01bc261f40e58 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38566 – sunrpc: fix handling of server side tls alerts
https://notcve.org/view.php?id=CVE-2025-38566
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS aler or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payloa... • https://git.kernel.org/stable/c/5e052dda121e2870dd87181783da4a95d7d2927b •