CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38395 – regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
https://notcve.org/view.php?id=CVE-2025-38395
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors. While at it, also move the check for memory allocation failure to be below the allocat... • https://git.kernel.org/stable/c/d6cd33ad71029a3f77ba1686caf55d4dea58d916 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38393 – NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
https://notcve.org/view.php?id=CVE-2025-38393
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count was zero. It seems most likely that this is another race between the waiter and waker similar to commit ed0172af5d6f ("SUNRPC: Fix a race to wake a sync task"). Fix it up by applying... • https://git.kernel.org/stable/c/8acc3e228e1c90bd410f73597a4549e0409f22d6 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38392 – idpf: convert control queue mutex to a spinlock
https://notcve.org/view.php?id=CVE-2025-38392
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager [ 324.701689] preempt_count: 201, expected: 0 [ 324.701693] RCU nest depth: 0, expected: 0 [ 324.701697] 2 locks hel... • https://git.kernel.org/stable/c/a251eee62133774cf35ff829041377e721ef9c8c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38391 – usb: typec: altmodes/displayport: do not index invalid pin_assignments
https://notcve.org/view.php?id=CVE-2025-38391
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access. Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_A... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38390 – firmware: arm_ffa: Fix memory leak by freeing notifier callback node
https://notcve.org/view.php?id=CVE-2025-38390
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix memory leak by freeing notifier callback node Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") adds support for notifier callbacks by allocating and inserting a callback node into a hashtable during registration of notifiers. However, during unregistration, the code only removes the node from the hashtable without freeing the associated memory, resulting in a memory leak. Res... • https://git.kernel.org/stable/c/e0573444edbf4ee7e3c191d3d08a4ccbd26628be •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38389 – drm/i915/gt: Fix timeline left held on VMA alloc error
https://notcve.org/view.php?id=CVE-2025-38389
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: <4> [239.330153] ------------[ cut here ]------------ <4> [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count) <4> [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915] ... ... • https://git.kernel.org/stable/c/75d0a7f31eec8ec4a53b4485905800e09dc5091f •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38388 – firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context
https://notcve.org/view.php?id=CVE-2025-38388
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings: | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 | preempt_count: 1, expected: 0 | RCU nest depth: 0,... • https://git.kernel.org/stable/c/e0573444edbf4ee7e3c191d3d08a4ccbd26628be •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38387 – RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
https://notcve.org/view.php?id=CVE-2025-38387
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced) mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056 mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0 mlx5_core.sf mlx5_... • https://git.kernel.org/stable/c/7597385371425febdaa8c6a1da3625d4ffff16f5 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38386 – ACPICA: Refuse to evaluate a method if arguments are missing
https://notcve.org/view.php?id=CVE-2025-38386
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due to use-after-free. Since this a result of a clear AML issue that arguably cannot be fixed up by the interpreter (it cannot produce missing data out of thin air), address it by making ACPICA refuse to evaluate a me... • https://git.kernel.org/stable/c/b49d224d1830c46e20adce2a239c454cdab426f1 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38385 – net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
https://notcve.org/view.php?id=CVE-2025-38385
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB device disconnect: WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350 This happens because netif_napi_del() is called in the disconnect path while NAPI is still enabled. However, it is not necessary to call netif_napi_... • https://git.kernel.org/stable/c/ec4c7e12396b1a30fbacfa68425118f5b46ea878 •