CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38018 – net/tls: fix kernel panic when alloc_page failed
https://notcve.org/view.php?id=CVE-2025-38018
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full... • https://git.kernel.org/stable/c/84c61fe1a75b4255df1e1e7c054c9e6d048da417 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-38017 – fs/eventpoll: fix endless busy loop after timeout has expired
https://notcve.org/view.php?id=CVE-2025-38017
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: fix endless busy loop after timeout has expired After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel: ``` int main() { int e = epoll_create1(0); struct epoll_event event = {.events = EPOLLIN}; epoll_ctl(e, EPOLL_CTL_ADD, 0, &event); const struct timespec timeout = {.tv_nsec = 1}; epoll_pwait2(e, &event, 1, &timeout, 0); } ``` T... • https://git.kernel.org/stable/c/99a0ad16dfd114a429df665065dcc576dad743c0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38016 – HID: bpf: abort dispatch if device destroyed
https://notcve.org/view.php?id=CVE-2025-38016
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request will go through it after hid_bpf_destroy_device() has been called. This leads to a bug that unplugging certain types of HID devices causes a cleaned- up SRCU to be accessed. The bug was previously a hidden failure until a recent x86 percpu change [1] made it access not-present pages. The bug will be triggered if the conditions be... • https://git.kernel.org/stable/c/8bd0488b5ea58655ad6fdcbe0408ef49b16882b1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38015 – dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
https://notcve.org/view.php?id=CVE-2025-38015
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not fre... • https://git.kernel.org/stable/c/a8563a33a5e26064061f2fb34215c97f0e2995f4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38014 – dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
https://notcve.org/view.php?id=CVE-2025-38014
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxd_cleanup() helper to avoid code duplication. Note, this also fixes the missing put_device() for idxd groups, enginces and wqs. In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idx... • https://git.kernel.org/stable/c/bfe1d56091c1a404b3d4ce7e9809d745fc4453bb •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38013 – wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
https://notcve.org/view.php?id=CVE-2025-38013
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') This was missed in the initial conversions beca... • https://git.kernel.org/stable/c/e3eac9f32ec04112b39e01b574ac739382469bf9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38012 – sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
https://notcve.org/view.php?id=CVE-2025-38012
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (e.g. bpf_for_each() macro ignores error returns from new()). bpf_iter_scx_dsq_new() could leave the iterator in an uninitialized state after an error return causing bpf_iter_scx_dsq_next() to dereference garbage data. Make bpf_iter_scx_dsq_new() always clear $kit->dsq so tha... • https://git.kernel.org/stable/c/650ba21b131ed1f8ee57826b2c6295a3be221132 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38011 – drm/amdgpu: csa unmap use uninterruptible lock
https://notcve.org/view.php?id=CVE-2025-38011
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38010 – phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
https://notcve.org/view.php?id=CVE-2025-38010
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking The current implementation uses bias_pad_enable as a reference count to manage the shared bias pad for all UTMI PHYs. However, during system suspension with connected USB devices, multiple power-down requests for the UTMI pad result in a mismatch in the reference count, which in turn produces warnings such as: [ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_powe... • https://git.kernel.org/stable/c/a30951d31b250bf3479c00e93646b6cc6fb42a56 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38009 – wifi: mt76: disable napi on driver removal
https://notcve.org/view.php?id=CVE-2025-38009
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO W... • https://git.kernel.org/stable/c/2ac515a5d74f26963362d5da9589c67ca3663338 •