CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38006 – net: mctp: Don't access ifa_index when missing
https://notcve.org/view.php?id=CVE-2025-38006
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible in the syzkaller case from dhcpd, or busybox "ip addr show". The kernel MCTP implementation has always filtered by ifa_index, so existing userspace programs expecting to dump MCTP addresses must already be passin... • https://git.kernel.org/stable/c/583be982d93479ea3d85091b0fd0b01201ede87d •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-38005 – dmaengine: ti: k3-udma: Add missing locking
https://notcve.org/view.php?id=CVE-2025-38005
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28 [ 4.144867] Hardware name: pp-v12 (DT) [ 4.148648] Workqueue: events udma_check_tx_completion [ 4.153841] pstate: 60000005... • https://git.kernel.org/stable/c/25dcb5dd7b7ce5587c1df18f584ff78f51a68a94 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38004 – can: bcm: add locking for bcm_op runtime updates
https://notcve.org/view.php?id=CVE-2025-38004
08 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a p... • https://git.kernel.org/stable/c/ffd980f976e7fd666c2e61bf8ab35107efd11828 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38003 – can: bcm: add missing rcu read protection for procfs content
https://notcve.org/view.php?id=CVE-2025-38003
08 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection. En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/5b48f5711f1c630841ab78dcc061de902f0e37bf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38001 – net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
https://notcve.org/view.php?id=CVE-2025-38001
06 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses... • https://git.kernel.org/stable/c/37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38000 – sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
https://notcve.org/view.php?id=CVE-2025-38000
06 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not ... • https://git.kernel.org/stable/c/12d0ad3be9c3854e52ec74bb83bb6f43612827c7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37998 – openvswitch: Fix unsafe attribute parsing in output_userspace()
https://notcve.org/view.php?id=CVE-2025-37998
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspac... • https://git.kernel.org/stable/c/ccb1352e76cff0524e7ccb2074826a092dd13016 •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37997 – netfilter: ipset: fix region locking in hash types
https://notcve.org/view.php?id=CVE-2025-37997
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage colle... • https://git.kernel.org/stable/c/5dd9488ae41070b69d2f4acb580f77db5705f9ca •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37995 – module: ensure that kobject_put() is safe for module type kobjects
https://notcve.org/view.php?id=CVE-2025-37995
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding ... • https://git.kernel.org/stable/c/942e443127e928a5631c3d5102aca8c8b3c2dd98 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37994 – usb: typec: ucsi: displayport: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-37994
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_wor... • https://git.kernel.org/stable/c/af8622f6a585d8d82b11cd7987e082861fd0edd3 •