CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38426 – drm/amdgpu: Add basic validation for RAS header
https://notcve.org/view.php?id=CVE-2025-38426
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se ha añadido validación básica para el encabezado RAS. Si el encabezado RAS leído desde la EEPROM está dañado, podría intentar asignar una gran cantidad de me... • https://git.kernel.org/stable/c/64f55e629237e4752db18df4d6969a69e3f4835a •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38425 – i2c: tegra: check msg length in SMBUS block read
https://notcve.org/view.php?id=CVE-2025-38425
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: tegra: verificar la longitud del mensaje en la lectura del bloque SMBUS Para la lectura del bloque SMBUS, no continúe leyendo si la longitud del mensaje pasado desde el dispositivo e... • https://git.kernel.org/stable/c/c39d1a9ae4ad66afcecab124d7789722bfe909fa •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38424 – perf: Fix sample vs do_exit()
https://notcve.org/view.php?id=CVE-2025-38424
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs do_exit() Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user stack sample while in exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address space it is trying to access. It turns out that we stop perf after we tear down the userspace mm; a receipie for disaster... • https://git.kernel.org/stable/c/c5ebcedb566ef17bda7b02686e0d658a7bb42ee7 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38423 – ASoC: codecs: wcd9375: Fix double free of regulator supplies
https://notcve.org/view.php?id=CVE-2025-38423
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9375: Fix double free of regulator supplies Driver gets regulator supplies in probe path with devm_regulator_bulk_get(), so should not call regulator_bulk_free() in error and remove paths to avoid double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: codecs: wcd9375: Se corrige la doble liberación de los suministros del regulador. El controlador obtiene los suministros del regulador en la rut... • https://git.kernel.org/stable/c/216d04139a6d0ecaea9432178225b29d367da886 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38422 – net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
https://notcve.org/view.php?id=CVE-2025-38422
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Maximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb and 64 Kb respectively. Adjust max size definitions and return correct EEPROM length based on device. Also prevent out-of-bound read/write. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net:lan743x: Modificar el tamaño de la EEPROM y el OTP para dispositivos PCI1xxxx. El tamaño máximo d... • https://git.kernel.org/stable/c/695846047aa9b4bb387473a9fd227a51ae7de5e9 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38421 – platform/x86/amd: pmf: Use device managed allocations
https://notcve.org/view.php?id=CVE-2025-38421
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device managed allocations If setting up smart PC fails for any reason then this can lead to a double free when unloading amd-pmf. This is because dev->buf was freed but never set to NULL and is again freed in amd_pmf_remove(). To avoid subtle allocation bugs in failures leading to a double free change all allocations into device managed allocations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilida... • https://git.kernel.org/stable/c/5b1122fc4995f308b21d7cfc64ef9880ac834d20 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38420 – wifi: carl9170: do not ping device which has failed to load firmware
https://notcve.org/view.php?id=CVE-2025-38420
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] ht... • https://git.kernel.org/stable/c/e4a668c59080f862af3ecc28b359533027cbe434 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38419 – remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
https://notcve.org/view.php?id=CVE-2025-38419
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() When rproc->state = RPROC_DETACHED and rproc_attach() is used to attach to the remote processor, if rproc_handle_resources() returns a failure, the resources allocated by imx_rproc_prepare() should be released, otherwise the following memory leak will occur. Since almost the same thing is done in imx_rproc_prepare() and rproc_resource_cleanup(... • https://git.kernel.org/stable/c/10a3d4079eaea06472f1981152e2840e7232ffa9 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38418 – remoteproc: core: Release rproc->clean_table after rproc_attach() fails
https://notcve.org/view.php?id=CVE-2025-38418
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Release rproc->clean_table after rproc_attach() fails When rproc->state = RPROC_DETACHED is attached to remote processor through rproc_attach(), if rproc_handle_resources() returns failure, then the clean table should be released, otherwise the following memory leak will occur. unreferenced object 0xffff000086a99800 (size 1024): comm "kworker/u12:3", pid 59, jiffies 4294893670 (age 121.140s) hex dump (first 32 bytes): 00 0... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38417 – ice: fix eswitch code memory leak in reset scenario
https://notcve.org/view.php?id=CVE-2025-38417
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless ... • https://git.kernel.org/stable/c/415db8399d06a45ebd7b7d26b951f831a4b01801 •