
CVE-2024-58240 – tls: separate no-async decryption request handling from async
https://notcve.org/view.php?id=CVE-2024-58240
28 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix... • https://git.kernel.org/stable/c/48905146d11dbf1ddbb2967319016a83976953f5 •

CVE-2025-38671 – i2c: qup: jump out of the loop in case of timeout
https://notcve.org/view.php?id=CVE-2025-38671
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only set the return value, but also jump out of the loop and ... • https://git.kernel.org/stable/c/fbfab1ab065879370541caf0e514987368eb41b2 •

CVE-2025-38668 – regulator: core: fix NULL dereference on unbind due to stale coupling data
https://notcve.org/view.php?id=CVE-2025-38668
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed post-unbind. This can happen during runtime PM or other regulator operations that rely on coupling metadata. For example, on ridesx4, unbinding the 'reg-dummy' platform device triggers a panic in regulator_lock_recursive() due to stal... • https://git.kernel.org/stable/c/7574892e259bbb16262ebfb4b65a2054a5e03a49 •

CVE-2025-38666 – net: appletalk: Fix use-after-free in AARP proxy probe
https://notcve.org/view.php?id=CVE-2025-38666
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe, releases the aarp_lock, sleeps, then re-acquires the lock. During that window an expire timer thread (__aarp_expire_timer) can remove and kfree() the same entry, leading to a use-after-free. race condition:
cpu 0 | cpu 1
atalk_sendmsg() | atif_proxy_probe_device()
aarp_send_ddp() | aarp_proxy_probe_network()
mod_time... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2025-38665 – can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode
https://notcve.org/view.php?id=CVE-2025-38665
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct can_priv::do_set_mode callback. There are 2 code paths that call struct can_priv::do_set_mode: - directly by a manual restart from the user space, via can_changelink() - delayed automatic restart after bus off (deactivated by... • https://git.kernel.org/stable/c/39549eef3587f1c1e8c65c88a2400d10fd30ea17 •

CVE-2025-38663 – nilfs2: reject invalid file types when reading inodes
https://notcve.org/view.php?id=CVE-2025-38663
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error. • https://git.kernel.org/stable/c/05fe58fdc10df9ebea04c0eaed57adc47af5c184 •

CVE-2025-38652 – f2fs: fix to avoid out-of-boundary access in devs.path
https://notcve.org/view.php?id=CVE-2025-38652
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path
- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- truncate -s $((1024*1024*1024)) \
  /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- touch /mnt/f2fs/file
- truncate -s $((1024*1024*1024)) /mnt/f2fs/file
- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \
  -c /mnt/f2fs/file
- mount /mnt/f2fs/0123456789012345678901234567... • https://git.kernel.org/stable/c/3c62be17d4f562f43fe1d03b48194399caa35aa5 •

CVE-2025-38650 – hfsplus: remove mutex_lock check in hfsplus_free_extents
https://notcve.org/view.php?id=CVE-2025-38650
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x700/0xad0 Call Trace:

CVE-2025-38644 – wifi: mac80211: reject TDLS operations when station is not associated
https://notcve.org/view.php?id=CVE-2025-38644
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not as... • https://git.kernel.org/stable/c/81dd2b8822410e56048b927be779d95a2b6dc186 •

CVE-2025-38643 – wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
https://notcve.org/view.php?id=CVE-2025-38643
22 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock, which triggers the warning below with the mesh_peer_connected_dfs test from hostapd and not (yet) released mac80211 code changes: WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165 Modules linked in: CPU: 0 UID: 0 PID: 495 Comm: k... • https://git.kernel.org/stable/c/26ec17a1dc5ecdd8d91aba63ead6f8b5ad5dea0d •