CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38721 – netfilter: ctnetlink: fix refcount leak on table dump
https://notcve.org/view.php?id=CVE-2025-38721
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE cb->args[1] = (unsigned long)ct; ... While its very unlikely, its possible that ct == last. If this happens, then the refcount of ct was already incremented. This 2nd increment is never undone. This prevents the conntrack object from being released, which in turn keeps pre... • https://git.kernel.org/stable/c/d205dc40798d97d63ad348bfaf7394f445d152d4 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-38716 – hfs: fix general protection fault in hfs_find_init()
https://notcve.org/view.php?id=CVE-2025-38716
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfs_find_init() The hfs_find_init() method can trigger the crash if tree pointer is NULL: [ 45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI [ 45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full) [... • https://git.kernel.org/stable/c/434a964daa14b9db083ce20404a4a2add54d037a •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38715 – hfs: fix slab-out-of-bounds in hfs_bnode_read()
https://notcve.org/view.php?id=CVE-2025-38715
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that checks and correct the requested length (if it is necessary). These methods are used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(), hfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent the access out of allocate... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38714 – hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
https://notcve.org/view.php?id=CVE-2025-38714
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360 [ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784 [ 174.854059][ T9784] [ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: re... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38713 – hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
https://notcve.org/view.php?id=CVE-2025-38713
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================================== [ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10 [ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805 [ 667.124578][ T9805] [ 667.124876][ T9805] CPU: 3 UI... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38712 – hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
https://notcve.org/view.php?id=CVE-2025-38712
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the attributes file is not yet created, which later results in hitting BUG_ON() when hfsplus_create_attributes_file() is called. Replace this BUG_ON() with -EIO error with a message to suggest running fsck tool. In the Linux kernel, the foll... • https://git.kernel.org/stable/c/95e0d7dbb9b28ab0dfad7c7316066b05e1f1d4cd •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38710 – gfs2: Validate i_depth for exhash directories
https://notcve.org/view.php?id=CVE-2025-38710
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at: index = hash >> (32 - dip->i_depth); As calculated in an open-coded way in dir_make_exhash(), the minimum depth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is invalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time. So we can avoid the undefined be... • https://git.kernel.org/stable/c/9a0045088d888c9c539c8c626a366cb52c0fbdab •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38702 – fbdev: fix potential buffer overflow in do_register_framebuffer()
https://notcve.org/view.php?id=CVE-2025-38702
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become occupied despite num_registered_fb < FB_MAX 3. The registration loop exceeds array bounds Add boundary check to prevent registered_fb[FB_MAX] access. In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potenti... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38701 – ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
https://notcve.org/view.php?id=CVE-2025-38701
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii ext4_create_inline_data(... • https://git.kernel.org/stable/c/67cf5b09a46f72e048501b84996f2f77bc42e947 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38700 – scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
https://notcve.org/view.php?id=CVE-2025-38700
04 Sep 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized unconditionally, even when no memory is allocated (dd_size == 0). This leads invalid pointer dereference during connection teardown. Fix by setting iscsi_conn->dd_data only if memory is actually allocated. Panic trace: ------------ is... • https://git.kernel.org/stable/c/5d91e209fb21fb9cc765729d4c6a85a9fb6c9187 •