CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38058 – __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
https://notcve.org/view.php?id=CVE-2025-38058
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is ... • https://git.kernel.org/stable/c/628fb00195ce21a90cf9e4e3d105cd9e58f77b40 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38057 – espintcp: fix skb leaks
https://notcve.org/view.php?id=CVE-2025-38057
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb. • https://git.kernel.org/stable/c/e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38052 – net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
https://notcve.org/view.php?id=CVE-2025-38052
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25 Call Trace: kasan_report+0xd9/0x110 mm/kasan/report.c:601 tipc_aead_encrypt_done+0x4bd/0... • https://git.kernel.org/stable/c/fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38051 – smb: client: Fix use-after-free in cifs_fill_dirent
https://notcve.org/view.php?id=CVE-2025-38051
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm:... • https://git.kernel.org/stable/c/a364bc0b37f14ffd66c1f982af42990a9d77fa43 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38048 – virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
https://notcve.org/view.php?id=CVE-2025-38048
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/vir... • https://git.kernel.org/stable/c/02d2d6caee3abc9335cfca35f8eb4492173ae6f2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38047 – x86/fred: Fix system hang during S4 resume with FRED enabled
https://notcve.org/view.php?id=CVE-2025-38047
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "... • https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38045 – wifi: iwlwifi: fix debug actions order
https://notcve.org/view.php?id=CVE-2025-38045
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix d... • https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38044 – media: cx231xx: set device_caps for 417
https://notcve.org/view.php?id=CVE-2025-38044
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get a WARN_ON instead). Not seen before since currently 417 support is disabled, but I found this while experimenting with it. In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did no... • https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38043 – firmware: arm_ffa: Set dma_mask for ffa devices
https://notcve.org/view.php?id=CVE-2025-38043
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to followi... • https://git.kernel.org/stable/c/97bab02f0b64ba6bcdf6a8fae561db07f509aee9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38042 – dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
https://notcve.org/view.php?id=CVE-2025-38042
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel. So far we have been relying on the skip_fdq argument of k3_udma_glue_reset_rx_chn(). In... • https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb •