
CVE-2025-38376 – usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume
https://notcve.org/view.php?id=CVE-2025-38376
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet (scp a big file between host and device) - Device is going in/out suspend (echo mem > /sys/power/state) The root cause is the USB device controller is suspended but the USB bus is still active which caused the USB host con... • https://git.kernel.org/stable/c/235ffc17d0146d806f6ad8c094c24ff4878f2edb •

CVE-2025-38375 – virtio-net: ensure the received length does not exceed allocated size
https://notcve.org/view.php?id=CVE-2025-38375
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. • https://git.kernel.org/stable/c/4941d472bf95b4345d6e38906fcf354e74afa311 •

CVE-2025-38374 – optee: ffa: fix sleep in atomic context
https://notcve.org/view.php?id=CVE-2025-38374
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notif_callback() for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous notifications: | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 | preempt_count: 1, expected: 0 | R... • https://git.kernel.org/stable/c/d0476a59de064205f4aaa8f7c6d6f32bc28a44d4 •

CVE-2025-38373 – IB/mlx5: Fix potential deadlock in MR deregistration
https://notcve.org/view.php?id=CVE-2025-38373
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix potential deadlock in MR deregistration The issue arises when kzalloc() is invoked while holding umem_mutex or any other lock acquired under umem_mutex. This is problematic because kzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke mmu_notifier_invalidate_range_start(). This function can lead to mlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again, resulting in a deadlock. The problematic f... • https://git.kernel.org/stable/c/b13d32786acabf70a7b04ed24b7468fc3c82977c •

CVE-2025-38372 – RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling
https://notcve.org/view.php?id=CVE-2025-38372
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling __xa_store() and __xa_erase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xa_store() and xa_erase(), which perform the necessary locking internally. ============================= WARNING: suspicious RCPU usage 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1 Not tainted --------------------------... • https://git.kernel.org/stable/c/7cc8f681f6d4ae4478ae0f60485fc768f2b450da •

CVE-2025-38371 – drm/v3d: Disable interrupts before resetting the GPU
https://notcve.org/view.php?id=CVE-2025-38371
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace: [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 314.043822] Mem abort info: [ 314.046606] ESR = 0x0000000096000005 [ 314.050347] EC = 0x25: DABT (current EL), IL =... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c •

CVE-2025-38369 – dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
https://notcve.org/view.php?id=CVE-2025-38369
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated. This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point. In this case, when the user driver d... • https://git.kernel.org/stable/c/e0051a3daa8b2cb318b03b2f9317c3e40855847a •

CVE-2025-38368 – misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()
https://notcve.org/view.php?id=CVE-2025-38368
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool. • https://git.kernel.org/stable/c/a8d1b4f219e8833130927f19d1c8bfbf49215ce4 •

CVE-2025-38365 – btrfs: fix a race between renames and directory logging
https://notcve.org/view.php?id=CVE-2025-38365
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a race between renames and directory logging We have a race between a rename and directory inode logging that if it happens and we crash/power fail before the rename completes, the next time the filesystem is mounted, the log replay code will end up deleting the file that was being renamed. This is best explained following a step by step analysis of an interleaving of steps that lead into this situation. Consider the initial cond... • https://git.kernel.org/stable/c/259c4b96d78dda8477a3ac21d6b3cf0eb9f75c8b •

CVE-2025-38364 – maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
https://notcve.org/view.php?id=CVE-2025-38364
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_... • https://git.kernel.org/stable/c/54a611b605901c7d5d05b6b8f5d04a6ceb0962aa •