CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38513 – wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
https://notcve.org/view.php?id=CVE-2025-38513
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38512 – wifi: prevent A-MSDU attacks in mesh networks
https://notcve.org/view.php?id=CVE-2025-38512
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks. This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a recei... • https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38511 – drm/xe/pf: Clear all LMTT pages on alloc
https://notcve.org/view.php?id=CVE-2025-38511
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might leave some stale data that could either point to some other VFs allocations or even to the PF pages. Explicitly clear all new LMTT page to avoid the risk that a malicious VF would try to exploit that gap. While aro... • https://git.kernel.org/stable/c/b1d20405821812ad70d95eefe58cadc6d50b0917 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38510 – kasan: remove kasan_find_vm_area() to prevent possible deadlock
https://notcve.org/view.php?id=CVE-2025-38510
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock);
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38507 – HID: nintendo: avoid bluetooth suspend/resume stalls
https://notcve.org/view.php?id=CVE-2025-38507
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook which had been added for usb joycons. First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a newly-added nintendo_hid_suspend. This makes sure we will not stall out the kernel waiting for input reports duri... • https://git.kernel.org/stable/c/2af16c1f846bd60240745bbd3afa13d5f040c61a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38506 – KVM: Allow CPU to reschedule while setting per-page memory attributes
https://notcve.org/view.php?id=CVE-2025-38506
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft lockups when running an operation in kvm_vm_set_mem_attributes() to set memory attributes on the whole range of guest memory. watchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372] CPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.1... • https://git.kernel.org/stable/c/5a475554db1e476a14216e742ea2bdb77362d5d5 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38503 – btrfs: fix assertion when building free space tree
https://notcve.org/view.php?id=CVE-2025-38503
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ------------[ cut here ]------------ kernel BUG at fs/btrfs/free-space-tree.c:1102! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules li... • https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38502 – bpf: Fix oob access in cgroup local storage
https://notcve.org/view.php?id=CVE-2025-38502
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size, and one program doing a tail call into the other. The verifier will validate each of the indivial programs just fine. However, in the runtime context the bpf_cg_run_ctx holds an bpf_prog_array_item which contains t... • https://git.kernel.org/stable/c/7d9c3427894fe70d1347b4820476bf37736d2ff0 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38501 – ksmbd: limit repeated connections from clients with the same IP
https://notcve.org/view.php?id=CVE-2025-38501
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP. In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the ... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38500 – xfrm: interface: fix use-after-free after changing collect_md xfrm interface
https://notcve.org/view.php?id=CVE-2025-38500
12 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus erro... • https://git.kernel.org/stable/c/abc340b38ba25cd6c7aa2c0bd9150d30738c82d0 •