CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38607 – bpf: handle jset (if a & b ...) as a jump in CFG computation
https://notcve.org/view.php?id=CVE-2025-38607
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() does not know about that. This can lead to incorrect live registers and SCC computation. E.g. in the following example: 1: r0 = 1; 2: r2 = 2; 3: if r1 & 0x7 goto +1; 4: exit; 5: r0 = r2; 6: exit; W/o this fix insn_successors(3) will return only (4), a jump to (5) would be missed and r2 won't be marked as alive at (... • https://git.kernel.org/stable/c/14c8552db64476ffc27c13dc6652fc0dac31c0ba •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38606 – wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss
https://notcve.org/view.php?id=CVE-2025-38606
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar. However, after commit aa80f12f3bed ("wifi: ath12k: defer vdev creation for MLO"), arvif is linked to a radio only after vdev creation, typically when a channel is assigned or a scan is requested. For P2P capable ... • https://git.kernel.org/stable/c/aa80f12f3bedc2d73e4cc43554aee44c277cc938 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38605 – wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()
https://notcve.org/view.php?id=CVE-2025-38605
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could become NULL and that would trigger kernel panic. Since the caller ath12k_dp_tx() already has a valid ab pointer, pass it directly to avoid panic and unnecessary dereferencing. PC points to "ath12k_dp_tx+0x228/0x988 [ath12k]" LR point... • https://git.kernel.org/stable/c/e93bbd65547ea8073b707c9034c3f051f8018614 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38604 – wifi: rtl818x: Kill URBs before clearing tx status queue
https://notcve.org/view.php?id=CVE-2025-38604
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed skb due to anchor was not killed before freeing such skb. BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000... • https://git.kernel.org/stable/c/c1db52b9d27ee6e15a7136e67e4a21dc916cd07f •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38603 – drm/amdgpu: fix slab-use-after-free in amdgpu_userq_mgr_fini+0x70c
https://notcve.org/view.php?id=CVE-2025-38603
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix slab-use-after-free in amdgpu_userq_mgr_fini+0x70c The issue was reproduced on NV10 using IGT pci_unplug test. It is expected that `amdgpu_driver_postclose_kms()` is called prior to `amdgpu_drm_release()`. However, the bug is that `amdgpu_fpriv` was freed in `amdgpu_driver_postclose_kms()`, and then later accessed in `amdgpu_drm_release()` via a call to `amdgpu_userq_mgr_fini()`. As a result, KASAN detected a use-after-free ... • https://git.kernel.org/stable/c/adba0929736a6a2d2780e8e6e4082e42e5ba025c •
CVSS: 6.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38602 – iwlwifi: Add missing check for alloc_ordered_workqueue
https://notcve.org/view.php?id=CVE-2025-38602
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. • https://git.kernel.org/stable/c/b481de9ca074528fe8c429604e2777db8b89806a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38601 – wifi: ath11k: clear initialized flag for deinit-ed srng lists
https://notcve.org/view.php?id=CVE-2025-38601
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath11k_hal_dump_srng_stats() call Last interrupt received for each group: ath11k_pci 0000:01:00.0: group_id 0 22511ms before ath11k_pci 0000:01:00.0: group_id 1 14440788ms before [..] ath11k_pci 0000:01:00.0: failed to receive control resp... • https://git.kernel.org/stable/c/5118935b1bc28d0bce9427e584e11e905e68ee9a •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38600 – wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan()
https://notcve.org/view.php?id=CVE-2025-38600
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to prevent an out of bounds access. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSSIDS elements so this >= needs to be > to p... • https://git.kernel.org/stable/c/8284815ca161e0fa0861cc4085f1c0141e10a34d •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38599 – wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx()
https://notcve.org/view.php?id=CVE-2025-38599
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is set to IEEE80211_LINK_UNSPECIFIED • https://git.kernel.org/stable/c/3ce8acb86b6614b9f7af794f119f9627efe6b302 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38598 – drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0
https://notcve.org/view.php?id=CVE-2025-38598
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [amdgpu] [ +0.000817] Read of size 8 at addr ffff88812eec8c58 by task amd_pci_unplug/1733 [ +0.000027] CPU: 10 UID: 0 PID: 1733 Comm: amd_pci_unplug Tainted: G W 6.14.0+ #2 [ +0.000009] Tainted: [W]=WARN [ +0.000003] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1... • https://git.kernel.org/stable/c/adba0929736a6a2d2780e8e6e4082e42e5ba025c •