CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38278 – octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
https://notcve.org/view.php?id=CVE-2025-38278
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback This patch addresses below issues, 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marking the node as 'Inner'. 2. During a system reboot, the interface receives TC_HTB_LEAF_DEL and TC_HTB_LEAF_DEL_LAST callbacks to delete its HTB queues. In the case of TC_HTB_LEAF_DEL_LAST, although the same send ... • https://git.kernel.org/stable/c/5e6808b4c68d7882971514ab3279926eb07c8b2d •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38277 – mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
https://notcve.org/view.php?id=CVE-2025-38277
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined behavior and may cause unpredictable results in user space or kernel crashes. This scenario can be triggered in edge cases such as misconfigured geometry, ECC engine misuse, or if ctx->steps is not validated after ini... • https://git.kernel.org/stable/c/48e6633a9fa2400b53a964358753769f291a7eb0 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38276 – fs/dax: Fix "don't skip locked entries when scanning entries"
https://notcve.org/view.php?id=CVE-2025-38276
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fix "don't skip locked entries when scanning entries" Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanning entries") introduced a new function, wait_entry_unlocked_exclusive(), which waits for the current entry to become unlocked without advancing the XArray iterator state. Waiting for the entry to become unlocked requires dropping the XArray lock. This requires calling xas_pause() prior to dropping the lock which l... • https://git.kernel.org/stable/c/6be3e21d25ca2dbb7ca4f3f7db808a3e1a944bd1 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38275 – phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
https://notcve.org/view.php?id=CVE-2025-38275
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug The qmp_usb_iomap() helper function currently returns the raw result of devm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return a NULL pointer and the caller only checks error pointers with IS_ERR(), NULL could bypass the check and lead to an invalid dereference. Fix the issue by checking if devm_ioremap() returns NULL. When it does, qmp_usb_iomap() now returns an error point... • https://git.kernel.org/stable/c/a5d6b1ac56cbd6b5850a3a54e35f1cb71e8e8cdd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38274 – fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
https://notcve.org/view.php?id=CVE-2025-38274
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() fpga_mgr_test_img_load_sgt() allocates memory for sgt using kunit_kzalloc() however it does not check if the allocation failed. It then passes sgt to sg_alloc_table(), which passes it to __sg_alloc_table(). This function calls memset() on sgt in an attempt to zero it out. If the allocation fails then sgt will be NULL and the memset will trigger a NULL pointer dereference... • https://git.kernel.org/stable/c/ccbc1c302115d8125d6a96296ba52702c6de0ade •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38273 – net: tipc: fix refcount warning in tipc_aead_encrypt
https://notcve.org/view.php?id=CVE-2025-38273
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt syzbot reported a refcount warning [1] caused by calling get_net() on a network namespace that is being destroyed (refcount=0). This happens when a TIPC discovery timer fires during network namespace cleanup. The recently added get_net() call in commit e279024617134 ("net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done") attempts to hold a reference to the network namespace. ... • https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38272 – net: dsa: b53: do not enable EEE on bcm63xx
https://notcve.org/view.php?id=CVE-2025-38272
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: b53: do not enable EEE on bcm63xx BCM63xx internal switches do not support EEE, but provide multiple RGMII ports where external PHYs may be connected. If one of these PHYs are EEE capable, we may try to enable EEE for the MACs, which then hangs the system on access of the (non-existent) EEE registers. Fix this by checking if the switch actually supports EEE before attempting to configure it. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/22256b0afb12333571ad11799fa68fd27e4f4e80 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38271 – net: prevent a NULL deref in rtnl_create_link()
https://notcve.org/view.php?id=CVE-2025-38271
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: prevent a NULL deref in rtnl_create_link() At the time rtnl_create_link() is running, dev->netdev_ops is NULL, we must not use netdev_lock_ops() or risk a NULL deref if CONFIG_NET_SHAPER is defined. Use netif_set_group() instead of dev_set_group(). RIP: 0010:netdev_need_ops_lock include/net/netdev_lock.h:33 [inline] RIP: 0010:netdev_lock_ops include/net/netdev_lock.h:41 [inline] RIP: 0010:dev_set_group+0xc0/0x230 net/core/dev_api.c:82 ... • https://git.kernel.org/stable/c/7e4d784f5810bba76c4593791028e13cce4af547 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38270 – net: drv: netdevsim: don't napi_complete() from netpoll
https://notcve.org/view.php?id=CVE-2025-38270
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete() from it, since it may not be scheduled. Breno reports hitting a warning in napi_complete_done(): WARNING: CPU: 14 PID: 104 at net/core/dev.c:6592 napi_complete_done+0x2cc/0x560 __napi_poll+0x2d8/0x3a0 handle_softirqs+0x1fe/0x710 This is presumably after netpoll stole the SCHED bit prematurely. In the Linux kernel, the ... • https://git.kernel.org/stable/c/3762ec05a9fbda16aaaa2568df679ab8ad13f38d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38269 – btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
https://notcve.org/view.php?id=CVE-2025-38269
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling ext... • https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622 •