CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38397 – nvme-multipath: fix suspicious RCU usage warning
https://notcve.org/view.php?id=CVE-2025-38397
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following "suspicious RCU usage" warning in nvme_mpath_add_sysfs_link(): ''' [ 5.024557][ T44] nvmet: Created nvm controller 1 for subsystem nqn.2025-06.org.nvmexpress.mptcp for NQN nqn.2014-08.org.nvmexpress:uuid:f7f6b5e0-ff97-4894-98ac-c85309e0bc77. [ 5.027401][ T183] nvme nvme0: creating 2 I/O queues. [ 5.029017][ T183] nvme nvme0: ... • https://git.kernel.org/stable/c/4dbd2b2ebe4cc5f101881e2c091a70ccd38db7ee •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38396 – fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
https://notcve.org/view.php?id=CVE-2025-38396
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the current pattern of calling alloc_anon_inode() followed by inode_init_security_anon() for creating security context manually. This change also fixes a security regression in secretmem where the S_PRIVATE flag was not cleared after alloc... • https://git.kernel.org/stable/c/2bfe15c5261212130f1a71f32a300bcf426443d4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38395 – regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
https://notcve.org/view.php?id=CVE-2025-38395
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later in the code if 'config::ngpios' is > 1. So fix the code to allocate enough memory to hold 'config::ngpios' of GPIO descriptors. While at it, also move the check for memory allocation failure to be below the allocat... • https://git.kernel.org/stable/c/d6cd33ad71029a3f77ba1686caf55d4dea58d916 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38394 – HID: appletb-kbd: fix memory corruption of input_handler_list
https://notcve.org/view.php?id=CVE-2025-38394
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix memory corruption of input_handler_list In appletb_kbd_probe an input handler is initialised and then registered with input core through input_register_handler(). When this happens input core will add the input handler (specifically its node) to the global input_handler_list. The input_handler_list is central to the functionality of input core and is traversed in various places in input core. An example of this is when... • https://git.kernel.org/stable/c/7d62ba8deacf94f546a0b9dd9bc86617343187a3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38393 – NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
https://notcve.org/view.php?id=CVE-2025-38393
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(), however the pnfs_layout_hdr's plh_outstanding count was zero. It seems most likely that this is another race between the waiter and waker similar to commit ed0172af5d6f ("SUNRPC: Fix a race to wake a sync task"). Fix it up by applying... • https://git.kernel.org/stable/c/8acc3e228e1c90bd410f73597a4549e0409f22d6 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38392 – idpf: convert control queue mutex to a spinlock
https://notcve.org/view.php?id=CVE-2025-38392
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 [ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager [ 324.701689] preempt_count: 201, expected: 0 [ 324.701693] RCU nest depth: 0, expected: 0 [ 324.701697] 2 locks hel... • https://git.kernel.org/stable/c/a251eee62133774cf35ff829041377e721ef9c8c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38391 – usb: typec: altmodes/displayport: do not index invalid pin_assignments
https://notcve.org/view.php?id=CVE-2025-38391
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show will cause a BRK exception due to an out of bounds array access. Prevent for loop in pin_assignment_show from accessing invalid values in pin_assignments by adding DP_PIN_A... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38390 – firmware: arm_ffa: Fix memory leak by freeing notifier callback node
https://notcve.org/view.php?id=CVE-2025-38390
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fix memory leak by freeing notifier callback node Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") adds support for notifier callbacks by allocating and inserting a callback node into a hashtable during registration of notifiers. However, during unregistration, the code only removes the node from the hashtable without freeing the associated memory, resulting in a memory leak. Res... • https://git.kernel.org/stable/c/e0573444edbf4ee7e3c191d3d08a4ccbd26628be •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38389 – drm/i915/gt: Fix timeline left held on VMA alloc error
https://notcve.org/view.php?id=CVE-2025-38389
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: <4> [239.330153] ------------[ cut here ]------------ <4> [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count) <4> [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915] ... ... • https://git.kernel.org/stable/c/75d0a7f31eec8ec4a53b4485905800e09dc5091f •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38388 – firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context
https://notcve.org/view.php?id=CVE-2025-38388
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings: | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 | preempt_count: 1, expected: 0 | RCU nest depth: 0,... • https://git.kernel.org/stable/c/e0573444edbf4ee7e3c191d3d08a4ccbd26628be •