
CVE-2025-38348 – wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
https://notcve.org/view.php?id=CVE-2025-38348
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eeprom_readback message with a large |eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the |message beyond the end of priv->eeprom. In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p5... • https://git.kernel.org/stable/c/7cb770729ba895f73253dfcd46c3fcba45d896f9 •

CVE-2025-38347 – f2fs: fix to do sanity check on ino and xnid
https://notcve.org/view.php?id=CVE-2025-38347
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •

CVE-2025-38346 – ftrace: Fix UAF when lookup kallsym after ftrace disabled
https://notcve.org/view.php?id=CVE-2025-38346
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS RIP: 0010:sized_strscpy+0x81/0x2f0 RSP: 0018:ffff88812d76fa08 EF... • https://git.kernel.org/stable/c/aba4b5c22cbac296f4081a0476d0c55828f135b4 •

CVE-2025-38345 – ACPICA: fix acpi operand cache leak in dswstate.c
https://notcve.org/view.php?id=CVE-2025-38345
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing ... • https://git.kernel.org/stable/c/4fa430a8bca708c7776f6b9d001257f48b19a5b7 •

CVE-2025-38344 – ACPICA: fix acpi parse and parseext cache leaks
https://notcve.org/view.php?id=CVE-2025-38344
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. ... acpi_init+0x2af/0x3 ---truncated--- In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work f... • https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271 •

CVE-2025-38343 – wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
https://notcve.org/view.php?id=CVE-2025-38343
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, drop fragments with multicast or broadcast RA. ... In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •

CVE-2025-38342 – software node: Correct a OOB check in software_node_get_reference_args()
https://notcve.org/view.php?id=CVE-2025-38342
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_... • https://git.kernel.org/stable/c/59abd83672f70cac4b6bf9b237506c5bc6837606 •

CVE-2025-38341 – eth: fbnic: avoid double free when failing to DMA-map FW msg
https://notcve.org/view.php?id=CVE-2025-38341
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error. ... In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error. • https://git.kernel.org/stable/c/da3cde08209ec1c915195c2331c275397f34a731 •

CVE-2025-38340 – firmware: cs_dsp: Fix OOB memory read access in KUnit test
https://notcve.org/view.php?id=CVE-2025-38340
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(), because the source string length was rounded up to the allocation size. In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(), because the source strin... • https://git.kernel.org/stable/c/7c052c6615297ff32032105130cd5f02059f7ae4 •

CVE-2025-38339 – powerpc/bpf: fix JIT code size calculation of bpf trampoline
https://notcve.org/view.php?id=CVE-2025-38339
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. ... In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. • https://git.kernel.org/stable/c/d243b62b7bd3d5314382d3b54e4992226245e936 •