CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38348 – wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
https://notcve.org/view.php?id=CVE-2025-38348
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eeprom_readback message with a large |eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the |message beyond the end of priv->eeprom. | |static void p54_rx_eeprom_readback(struct p54_common *priv, | struct sk_buff *skb) |{ | struct p54_hdr *hdr = (struct p... • https://git.kernel.org/stable/c/7cb770729ba895f73253dfcd46c3fcba45d896f9 •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38347 – f2fs: fix to do sanity check on ino and xnid
https://notcve.org/view.php?id=CVE-2025-38347
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor140 state:D stack:24016 pid:5308 tgid:5308 ppid:5306 task_flags:0x400140 flags:0x00000006 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38346 – ftrace: Fix UAF when lookup kallsym after ftrace disabled
https://notcve.org/view.php?id=CVE-2025-38346
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS RIP: 0010:sized_strscpy+0x81/0x2f0 RSP: 0018:ffff88812d76fa08 EFLAGS: 0... • https://git.kernel.org/stable/c/aba4b5c22cbac296f4081a0476d0c55828f135b4 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38345 – ACPICA: fix acpi operand cache leak in dswstate.c
https://notcve.org/view.php?id=CVE-2025-38345
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is ... • https://git.kernel.org/stable/c/4fa430a8bca708c7776f6b9d001257f48b19a5b7 •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38344 – ACPICA: fix acpi parse and parseext cache leaks
https://notcve.org/view.php?id=CVE-2025-38344
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and found an ACPI cache leak in ACPI early abort cases. Boot log of ACPI cache leak is as follows: [ 0.352414] ACPI: Added _OSI(Module Device) [ 0.353182] ACPI: Added _OSI(Processor Device) [ 0.353182] ACPI: Added _OSI... • https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38343 – wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
https://notcve.org/view.php?id=CVE-2025-38343
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, drop fragments with multicast or broadcast RA. This patch addresses vulnerabilities such as CVE-2020-26145. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast fra... • https://git.kernel.org/stable/c/24900688ee47071aa6a61e78473999b5b80f0423 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38342 – software node: Correct a OOB check in software_node_get_reference_args()
https://notcve.org/view.php?id=CVE-2025-38342
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'. In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/142acd739eb6f08c148a96ae8309256f1422ff4b •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38340 – firmware: cs_dsp: Fix OOB memory read access in KUnit test
https://notcve.org/view.php?id=CVE-2025-38340
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(), because the source string length was rounded up to the allocation size. In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(), because the source string length was r... • https://git.kernel.org/stable/c/8f4cc454a0bb45b800bc7817c09c8f72e31901f3 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38337 – jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
https://notcve.org/view.php?id=CVE-2025-38337
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_aborted(handle) first before dereferencing it. And the following data-race was reported in my fuzzer: ================================================================== BUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata write to 0xffff888011024104 ... • https://git.kernel.org/stable/c/6e06ae88edae77379bef7c0cb7d3c2dd88676867 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38336 – ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
https://notcve.org/view.php?id=CVE-2025-38336
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device attached, it can also prevent the system from booting. In this case, the system hangs when reading the ATIP from optical media with cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an Optiarc DVD RW AD-7200A 1.06 attached to an ASR... • https://git.kernel.org/stable/c/67d66a5e4583fd3bcf13d6f747e571df13cbad51 •