CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38376 – usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume
https://notcve.org/view.php?id=CVE-2025-38376
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet (scp a big file between host and device) - Device is going in/out suspend (echo mem > /sys/power/state) The root cause is the USB device controller is suspended but the USB bus is still active which caused the USB host con... • https://git.kernel.org/stable/c/235ffc17d0146d806f6ad8c094c24ff4878f2edb •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38375 – virtio-net: ensure the received length does not exceed allocated size
https://notcve.org/view.php?id=CVE-2025-38375
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. • https://git.kernel.org/stable/c/4941d472bf95b4345d6e38906fcf354e74afa311 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38374 – optee: ffa: fix sleep in atomic context
https://notcve.org/view.php?id=CVE-2025-38374
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notif_callback() for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous notifications: | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 | preempt_count: 1, expected: 0 | R... • https://git.kernel.org/stable/c/d0476a59de064205f4aaa8f7c6d6f32bc28a44d4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38373 – IB/mlx5: Fix potential deadlock in MR deregistration
https://notcve.org/view.php?id=CVE-2025-38373
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix potential deadlock in MR deregistration The issue arises when kzalloc() is invoked while holding umem_mutex or any other lock acquired under umem_mutex. This is problematic because kzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke mmu_notifier_invalidate_range_start(). This function can lead to mlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again, resulting in a deadlock. The problematic f... • https://git.kernel.org/stable/c/b13d32786acabf70a7b04ed24b7468fc3c82977c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38372 – RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling
https://notcve.org/view.php?id=CVE-2025-38372
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling __xa_store() and __xa_erase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xa_store() and xa_erase(), which perform the necessary locking internally. ============================= WARNING: suspicious RCPU usage 6.14.0-rc7_for_upstream_debug_2025_03_18_15_01 #1 Not tainted --------------------------... • https://git.kernel.org/stable/c/7cc8f681f6d4ae4478ae0f60485fc768f2b450da •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38371 – drm/v3d: Disable interrupts before resetting the GPU
https://notcve.org/view.php?id=CVE-2025-38371
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace: [ 314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 314.043822] Mem abort info: [ 314.046606] ESR = 0x0000000096000005 [ 314.050347] EC = 0x25: DABT (current EL), IL =... • https://git.kernel.org/stable/c/57692c94dcbe99a1e0444409a3da13fb3443562c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38369 – dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
https://notcve.org/view.php?id=CVE-2025-38369
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent process of the container is terminated. This issue occurs because, under certain configurations, Docker does not properly propagate the mount replica back to the original mount point. In this case, when the user driver d... • https://git.kernel.org/stable/c/e0051a3daa8b2cb318b03b2f9317c3e40855847a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38368 – misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()
https://notcve.org/view.php?id=CVE-2025-38368
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool. • https://git.kernel.org/stable/c/a8d1b4f219e8833130927f19d1c8bfbf49215ce4 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38367 – LoongArch: KVM: Avoid overflow with array index
https://notcve.org/view.php?id=CVE-2025-38367
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTC_ENABLE. There will be array index overflow problem. In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid... • https://git.kernel.org/stable/c/3956a52bc05bd811082a3c9d2b423ee957e6fefc •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38366 – LoongArch: KVM: Check validity of "num_cpu" from user space
https://notcve.org/view.php?id=CVE-2025-38366
25 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "num_cpu" from user space The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow. In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check... • https://git.kernel.org/stable/c/1ad7efa552fd5cf4e8c49fea863c5c6a5dcf9f00 •