CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38234 – sched/rt: Fix race in push_rt_task
https://notcve.org/view.php?id=CVE-2025-38234
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migr... • https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38232 – NFSD: fix race between nfsd registration and exports_proc
https://notcve.org/view.php?id=CVE-2025-38232
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race between below 2 operations: (i) exportfs -r (ii) mount -t nfsd none /proc/fs/nfsd for 5.4 kernel ARM64: CPU 1: el1_irq+0xbc/0x180 arch_counter_get_cntvct+0x14/0x18 running_clock+0xc/0x18 preempt_count_add+0x88/0x110 ... • https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b751486cce7e3822 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38230 – jfs: validate AG parameters in dbMount() to prevent crashes
https://notcve.org/view.php?id=CVE-2025-38230
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38229 – media: cxusb: no longer judge rbuf when the write fails
https://notcve.org/view.php?id=CVE-2025-38229
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not bei... • https://git.kernel.org/stable/c/22c6d93a73105fddd58796d7cb10f5f90ee2a338 •
CVSS: 6.6EPSS: 0%CPEs: 12EXPL: 0CVE-2025-38226 – media: vivid: Change the siize of the composing
https://notcve.org/view.php?id=CVE-2025-38226
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainte... • https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38222 – ext4: inline: fix len overflow in ext4_prepare_inline_data
https://notcve.org/view.php?id=CVE-2025-38222
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ftruncate(fd, 30); pwrite(fd, "a", 1, (1UL << 40) + 5UL); That happens because write_begin will succeed as when ext4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len will be truncated, leading ... • https://git.kernel.org/stable/c/f19d5870cbf72d4cb2a8e1f749dff97af99b071e •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38218 – f2fs: fix to do sanity check on sit_bitmap_size
https://notcve.org/view.php?id=CVE-2025-38218
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid op... • https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38215 – fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38215
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ==================================================... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38214 – fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38214
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general prot... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •