CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38441 – netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
https://notcve.org/view.php?id=CVE-2025-38441
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0... • https://git.kernel.org/stable/c/d06977b9a4109f8738bb276125eb6a0b772bc433 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38440 – net/mlx5e: Fix race between DIM disable and net_dim()
https://notcve.org/view.php?id=CVE-2025-38440
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it assumes `rq->dim` or `sq->dim` is valid. But if DIM gets disabled right after that check, the pointer might already be set to NULL, leading to a NULL pointer dereference in net_dim(). Fix this by calling `synchronize_net()` before freei... • https://git.kernel.org/stable/c/445a25f6e1a2f6a132b06af6ede4f3c9b5f9af68 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38439 – bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2025-38439
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOMMU enabled: WARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170 RIP: 0010:__iommu_dma_unmap+0x159/0x170 Code: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c ... • https://git.kernel.org/stable/c/f18c2b77b2e4eec2313d519ba125bd6a069513cf •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38438 – ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
https://notcve.org/view.php?id=CVE-2025-38438
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): __kmalloc_node_track_caller_noprof+0x49... • https://git.kernel.org/stable/c/dd96daca6c83ecaf37f38ff49d8d174bbff576b4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38437 – ksmbd: fix potential use-after-free in oplock/lease break ack
https://notcve.org/view.php?id=CVE-2025-38437
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential use-after-free in oplock/lease break ack If ksmbd_iov_pin_rsp return error, use-after-free can happen by accessing opinfo->state and opinfo_put and ksmbd_fd_put could called twice. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige el uso potencial use-after-free en el acuse de recibo de interrupción de oplock/lease Si ksmbd_iov_pin_rsp devuelve un error, el use-after-free puede ocurrir al... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38436 – drm/scheduler: signal scheduled fence when kill job
https://notcve.org/view.php?id=CVE-2025-38436
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a scheduled fence from application B's job, and that fence is not properly signaled during the killing process, application A's dependency cannot be cleared. This leads to application A hanging indefinite... • https://git.kernel.org/stable/c/a72ce6f84109c1dec1ab236d65979d3250668af3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38435 – riscv: vector: Fix context save/restore with xtheadvector
https://notcve.org/view.php?id=CVE-2025-38435
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 are damanged. Correctly save/restore v8-v31 to avoid breaking userspace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: vector: Se corrige el guardado/restauración de contexto con xtheadvector. Anteriormente, solo se guardaban/restauraban correctamente las versiones v0 a v7, y el... • https://git.kernel.org/stable/c/d863910eabaffc68eb28aaf476dd870fc3f7197d •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38434 – Revert "riscv: Define TASK_SIZE_MAX for __access_ok()"
https://notcve.org/view.php?id=CVE-2025-38434
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" This reverts commit ad5643cf2f69 ("riscv: Define TASK_SIZE_MAX for __access_ok()"). This commit changes TASK_SIZE_MAX to be LONG_MAX to optimize access_ok(), because the previous TASK_SIZE_MAX (default to TASK_SIZE) requires some computation. The reasoning was that all user addresses are less than LONG_MAX, and all kernel addresses are greater than LONG_MAX. Therefore access_ok() can fi... • https://git.kernel.org/stable/c/ad5643cf2f699989daa85d909403febd6712fccb •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38433 – riscv: fix runtime constant support for nommu kernels
https://notcve.org/view.php?id=CVE-2025-38433
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: fix runtime constant support for nommu kernels the `__runtime_fixup_32` function does not handle the case where `val` is zero correctly (as might occur when patching a nommu kernel and referring to a physical address below the 4GiB boundary whose upper 32 bits are all zero) because nothing in the existing logic prevents the code from taking the `else` branch of both nop-checks and emitting two `nop` instructions. This leaves random g... • https://git.kernel.org/stable/c/a44fb5722199de8338d991db5ad3d509192179bb •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38432 – net: netpoll: Initialize UDP checksum field before checksumming
https://notcve.org/view.php?id=CVE-2025-38432
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize UDP checksum field before checksumming commit f1fce08e63fe ("netpoll: Eliminate redundant assignment") removed the initialization of the UDP checksum, which was wrong and broke netpoll IPv6 transmission due to bad checksumming. udph->check needs to be set before calling csum_ipv6_magic(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: netpoll: Inicializar el campo de suma de comprobación UDP... • https://git.kernel.org/stable/c/f1fce08e63fe1a2a8b8106b93b7244a39830edae •