CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38566 – sunrpc: fix handling of server side tls alerts
https://notcve.org/view.php?id=CVE-2025-38566
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS aler or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payloa... • https://git.kernel.org/stable/c/5e052dda121e2870dd87181783da4a95d7d2927b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38565 – perf/core: Exit early on perf_mmap() fail
https://notcve.org/view.php?id=CVE-2025-38565
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/1e0fb9ec679c9273a641f1d6f3d25ea47baef2bb •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38563 – perf/core: Prevent VMA split of buffer mappings
https://notcve.org/view.php?id=CVE-2025-38563
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subsequent mapping have to use the same offset and the same size in both cases. The reference counting for the ringbuffer and the auxiliary buffer depends on this being correct. Though perf does not prevent th... • https://git.kernel.org/stable/c/45bfb2e50471abbbfd83d40d28c986078b0d24ff •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38562 – ksmbd: fix null pointer dereference error in generate_encryptionkey
https://notcve.org/view.php?id=CVE-2025-38562
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generate_encryptionkey could happen. sess->Preauth_HashValue is set to NULL if session is valid. So this patch skip generate encryption key if session is valid. • https://git.kernel.org/stable/c/96a82e19434a2522525baab59c33332658bc7653 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38561 – ksmbd: fix Preauh_HashValue race condition
https://notcve.org/view.php?id=CVE-2025-38561
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race condition could happen. There is no need to free sess->Preauh_HashValue at session setup phase. It can be freed together with session at connection termination phase. • https://git.kernel.org/stable/c/fbf5c0845ed15122a770bca9be1d9b60b470d3aa •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38560 – x86/sev: Evict cache lines during SNP memory validation
https://notcve.org/view.php?id=CVE-2025-38560
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to touch the first and last byte of each 4K page that is being validated. There is no need to perform the mitigation when performing a page state change to shared and rescinding validation. CPUID bit Fn8000001F_EBX[31] de... • https://git.kernel.org/stable/c/1fec416c03d0a64cc21aa04ce4aa14254b017e6a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38556 – HID: core: Harden s32ton() against conversion to 0 bits
https://notcve.org/view.php?id=CVE-2025-38556
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it... • https://git.kernel.org/stable/c/dde5845a529ff753364a6d1aea61180946270bfa •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38555 – usb: gadget : fix use-after-free in composite_dev_cleanup()
https://notcve.org/view.php?id=CVE-2025-38555
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it.This will... • https://git.kernel.org/stable/c/37a3a533429ef9b3cc9f15a656c19623f0e88df7 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38553 – net/sched: Restrict conditions for adding duplicating netems to qdisc tree
https://notcve.org/view.php?id=CVE-2025-38553
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in t... • https://git.kernel.org/stable/c/0afb51e72855971dba83b3c6b70c547c2d1161fd •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38552 – mptcp: plug races between subflow fail and subflow creation
https://notcve.org/view.php?id=CVE-2025-38552
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution is similar. Use a separate flag to track the condition 'socket state prevent any additional subflow creation' protected by the fallback lock. The socket fallback makes such flag true, and also receiving or sending an... • https://git.kernel.org/stable/c/478d770008b03ed9d74bdc8add2315b7fd124ecc •