CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38384 – mtd: spinand: fix memory leak of ECC engine conf
https://notcve.org/view.php?id=CVE-2025-38384
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8): comm "swapper/0", pid 1, jiffies 4294937458 hex dump (first 8 bytes): 00 00 00 00 00 00 00 00 ........ backtrace (crc 0): kmemleak_alloc+0x30/0x40 __kmalloc_cache_noprof+0x208/0x3c0 spinand_ondie_ecc_init_ctx+0x114... • https://git.kernel.org/stable/c/68d3417305ee100dcad90fd6e5846b22497aa394 •
CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38383 – mm/vmalloc: fix data race in show_numa_info()
https://notcve.org/view.php?id=CVE-2025-38383
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter... • https://git.kernel.org/stable/c/8e1d743f2c2671aa54f6f91a2b33823f92512870 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38382 – btrfs: fix iteration of extrefs during log replay
https://notcve.org/view.php?id=CVE-2025-38382
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victim_name.len was not initialized to the length of the name of the current extref. Fix this by initializing victim_name.len with th... • https://git.kernel.org/stable/c/1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38381 – Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()
https://notcve.org/view.php?id=CVE-2025-38381
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() The cs40l50_upload_owt() function allocates memory via kmalloc() without checking for allocation failure, which could lead to a NULL pointer dereference. Return -ENOMEM in case allocation fails. In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix... • https://git.kernel.org/stable/c/c38fe1bb5d21c2ce0857965ee06174ee587d6b42 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38380 – i2c/designware: Fix an initialization issue
https://notcve.org/view.php?id=CVE-2025-38380
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c/designware: Fix an initialization issue The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the dev context to be initialized. amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. This could allow an out of bounds access (of msgs). Initialize msg_write_idx before calling i2c_dw_xfer_init(). • https://git.kernel.org/stable/c/17631e8ca2d3421090e54b39d9a1402091019ba1 •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38379 – smb: client: fix warning when reconnecting channel
https://notcve.org/view.php?id=CVE-2025-38379
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2_reconnect_server(), a dummy tcon is passed down to smb2_reconnect() with ->query_interface uninitialized, so we can't call queue_delayed_work() on it. Fix the following warning by ensuring that we're queueing the delayed worker from correct tcon. WARNING: CPU: 4 PID: 1126 at kernel/workqueue.c:2498 __queue_delayed_work+0x1d2/0x200 Modules linked in: cifs ... • https://git.kernel.org/stable/c/202d7e838967dda02855cd925db7fd8c52c56af7 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38377 – rose: fix dangling neighbour pointers in rose_rt_device_down()
https://notcve.org/view.php?id=CVE-2025-38377
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rose_rt_device_down() There are two bugs in rose_rt_device_down() that can cause use-after-free: 1. The loop bound `t->count` is modified within the loop, which can cause the loop to terminate early and miss some entries. 2. When removing an entry from the neighbour array, the subsequent entries are moved up to fill the gap, but the loop index `i` is still incremented, causing the next entry to be sk... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38376 – usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume
https://notcve.org/view.php?id=CVE-2025-38376
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet (scp a big file between host and device) - Device is going in/out suspend (echo mem > /sys/power/state) The root cause is the USB device controller is suspended but the USB bus is still active which caused the USB host con... • https://git.kernel.org/stable/c/235ffc17d0146d806f6ad8c094c24ff4878f2edb •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38375 – virtio-net: ensure the received length does not exceed allocated size
https://notcve.org/view.php?id=CVE-2025-38375
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. • https://git.kernel.org/stable/c/4941d472bf95b4345d6e38906fcf354e74afa311 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38374 – optee: ffa: fix sleep in atomic context
https://notcve.org/view.php?id=CVE-2025-38374
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notif_callback() for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous notifications: | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 | preempt_count: 1, expected: 0 | R... • https://git.kernel.org/stable/c/d0476a59de064205f4aaa8f7c6d6f32bc28a44d4 •