CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38068 – crypto: lzo - Fix compression buffer overrun
https://notcve.org/view.php?id=CVE-2025-38068
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo. In the Linux kernel, the following vulnerability has b... • https://git.kernel.org/stable/c/64c70b1cf43de158282bc1675918d503e5b15cc1 •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38066 – dm cache: prevent BUG_ON by blocking retries on failed device resumes
https://notcve.org/view.php?id=CVE-2025-38066
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves a partially initialized policy object. Repeating the resume operation risks triggering BUG_ON when reloading cache mappings into the incomplete policy object. Reproduce steps: 1. create a cache metadata consisting of 512 or more cache blocks, with some mappings stored in th... • https://git.kernel.org/stable/c/66a636356647a9be8885c2ce2948de126577698a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38064 – virtio: break and reset virtio devices on device_shutdown()
https://notcve.org/view.php?id=CVE-2025-38064
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio: break and reset virtio devices on device_shutdown() Hongyu reported a hang on kexec in a VM. QEMU reported invalid memory accesses during the hang. Invalid read at addr 0x102877002, size 2, region '(null)', reason: rejected Invalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected ... It was traced down to virtio-console. Kexec works fine if virtio-console is not in use. • https://git.kernel.org/stable/c/ec3d41c4db4c21164332826ea8d812f94f2f6886 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38061 – net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
https://notcve.org/view.php?id=CVE-2025-38061
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer). In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38058 – __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
https://notcve.org/view.php?id=CVE-2025-38058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is ... • https://git.kernel.org/stable/c/48a066e72d970a3e225a9c18690d570c736fc455 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38051 – smb: client: Fix use-after-free in cifs_fill_dirent
https://notcve.org/view.php?id=CVE-2025-38051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm:... • https://git.kernel.org/stable/c/a364bc0b37f14ffd66c1f982af42990a9d77fa43 •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38040 – serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
https://notcve.org/view.php?id=CVE-2025-38040
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last di... • https://git.kernel.org/stable/c/ce59e48fdbad2aa6609ceb87e1306ec69e577e05 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38037 – vxlan: Annotate FDB data races
https://notcve.org/view.php?id=CVE-2025-38037
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit... • https://git.kernel.org/stable/c/d342894c5d2f8c7df194c793ec4059656e09ca31 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38004 – can: bcm: add locking for bcm_op runtime updates
https://notcve.org/view.php?id=CVE-2025-38004
08 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a p... • https://git.kernel.org/stable/c/ffd980f976e7fd666c2e61bf8ab35107efd11828 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37998 – openvswitch: Fix unsafe attribute parsing in output_userspace()
https://notcve.org/view.php?id=CVE-2025-37998
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspac... • https://git.kernel.org/stable/c/ccb1352e76cff0524e7ccb2074826a092dd13016 •