CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58240 – tls: separate no-async decryption request handling from async
https://notcve.org/view.php?id=CVE-2024-58240
28 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix... • https://git.kernel.org/stable/c/48905146d11dbf1ddbb2967319016a83976953f5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38668 – regulator: core: fix NULL dereference on unbind due to stale coupling data
https://notcve.org/view.php?id=CVE-2025-38668
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can happen during runtime PM or other regulator operations that rely on coupling metadata. For example, on ridesx4, unbinding the 'reg-dummy' platform device triggers a panic in regulator_lock_recursive() due to stal... • https://git.kernel.org/stable/c/7574892e259bbb16262ebfb4b65a2054a5e03a49 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38666 – net: appletalk: Fix use-after-free in AARP proxy probe
https://notcve.org/view.php?id=CVE-2025-38666
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe, releases the aarp_lock, sleeps, then re-acquires the lock. During that window an expire timer thread (__aarp_expire_timer) can remove and kfree() the same entry, leading to a use-after-free. race condition: cpu 0 | cpu 1 atalk_sendmsg() | atif_proxy_probe_device() aarp_send_ddp() | aarp_proxy_probe_network() mod_time... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38665 – can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
https://notcve.org/view.php?id=CVE-2025-38665
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code path that call struct can_priv::do_set_mode: - directly by a manual restart from the user space, via can_changelink() - delayed automatic restart after bus off (deactivated by... • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38663 – nilfs2: reject invalid file types when reading inodes
https://notcve.org/view.php?id=CVE-2025-38663
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error. In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inod... • https://git.kernel.org/stable/c/05fe58fdc10df9ebea04c0eaed57adc47af5c184 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38644 – wifi: mac80211: reject TDLS operations when station is not associated
https://notcve.org/view.php?id=CVE-2025-38644
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not as... • https://git.kernel.org/stable/c/81dd2b8822410e56048b927be779d95a2b6dc186 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38639 – netfilter: xt_nfacct: don't assume acct name is null-terminated
https://notcve.org/view.php?id=CVE-2025-38639
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x2b0 lib/vsprintf.c:721 vsnprintf+0x739/0xf00 lib/vsprintf.c:2874 [..] nfacct_mt_checkentry+0xd2/0xe0 net/netfilter/xt_nfacct.c:41 xt_check_match+0x3d1/0xab0 net/netfilter/x_tables.c:523 nfnl_acct_find_get() handles non-null input, but ... • https://git.kernel.org/stable/c/ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38630 – fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
https://notcve.org/view.php?id=CVE-2025-38630
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays empty but the driver continues to register. Add a check for its return value to prevent poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_... • https://git.kernel.org/stable/c/1b6c79361ba5ce30b40f0f7d6fc2421dc5fcbe0c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38624 – PCI: pnv_php: Clean up allocated IRQs on unplug
https://notcve.org/view.php?id=CVE-2025-38624
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notifications, resulting in a panic. Fix this by walking all child buses and deallocating all its IRQ resources before calling pci_hp_remove_devices(). Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so that it is only... • https://git.kernel.org/stable/c/8c1ad4af160691e157d688ad9619ced2df556aac •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38623 – PCI: pnv_php: Fix surprise plug detection and recovery
https://notcve.org/view.php?id=CVE-2025-38623
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal and a required reboot to detect new devices. This comes down to two issues: 1) When a device is surprise removed, often the bridge upstream port will cause a PE freeze on the PHB. If this freeze is not cleared, the MSI interrupts from ... • https://git.kernel.org/stable/c/6e7b5f922901585b8f11e0d6cda12bda5c59fc8a •