CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38173 – crypto: marvell/cesa - Handle zero-length skcipher requests
https://notcve.org/view.php?id=CVE-2025-38173
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0. • https://git.kernel.org/stable/c/f63601fd616ab370774fa00ea10bcaaa9e48e84c •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38172 – erofs: avoid using multiple devices with different type
https://notcve.org/view.php?id=CVE-2025-38172
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-backed device, extra devices should also be regular files. However, if the primary is a block device while the extra device is a file-backed device, `erofs_init_device` will get an ENOTBLK, which is not treated as an error in `erofs_fc_g... • https://git.kernel.org/stable/c/fb176750266a3d7f42ebdcf28e8ba40350b27847 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38170 – arm64/fpsimd: Discard stale CPU state when handling SME traps
https://notcve.org/view.php?id=CVE-2025-38170
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME state incorrectly, and a race with preemption can result in a task having TIF_SME set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SME traps enabled). This can result in warnings from do_sme_acc() where SME traps are not expected while TIF_SME is set: | /* With TIF_SME userspace ... • https://git.kernel.org/stable/c/8bd7f91c03d886f41d35f6108078d20be5a4a1bd •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38169 – arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
https://notcve.org/view.php?id=CVE-2025-38169
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME are unaffected. If the CPU happens to be in streaming SVE mode before a context switch to a thread with kernel FPSIMD state, fpsimd_thread_switch() will restore the kernel FPSIMD state using fpsimd_load_kernel_state... • https://git.kernel.org/stable/c/e92bee9f861b466c676f0200be3e46af7bc4ac6b •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-38168 – perf: arm-ni: Unregister PMUs on probe failure
https://notcve.org/view.php?id=CVE-2025-38168
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Unregister PMUs on probe failure When a resource allocation fails in one clock domain of an NI device, we need to properly roll back all previously registered perf PMUs in other clock domains of the same device. Otherwise, it can lead to kernel panics. Calling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374 arm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000 arm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16 lis... • https://git.kernel.org/stable/c/4d5a7680f2b4d0c2955e1d9f9a594b050d637436 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38167 – fs/ntfs3: handle hdr_first_de() return value
https://notcve.org/view.php?id=CVE-2025-38167
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may be NULL. To handle the NULL error effectively, it is important to implement an error handler. This will help manage potential errors consistently. Additionally, error handling for the return value already exists at other points where this function is called. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-38166 – bpf: fix ktls panic with sockmap
https://notcve.org/view.php?id=CVE-2025-38166
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629! ...... [ 2172.944996] PKRU: 55555554 [ 2172.945155] Call Trace: [ 2172.945299] <TASK> [ 2172.945428] ? die+0x36/0x90 [ 2172.945601] ? do_trap+0xdd/0x100 [ 2172.945795] ? iov_iter_revert+0x178/0x180 [ 2172.946031] ? • https://git.kernel.org/stable/c/d3b18ad31f93d0b6bae105c679018a1ba7daa9ca •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38165 – bpf, sockmap: Fix panic when calling skb_linearize
https://notcve.org/view.php?id=CVE-2025-38165
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' [ 657.460555] kernel BUG at net/core/skbuff.c:2178! [ 657.462680] Tainted: [W]=WARN [ 657.463287] Workqueue: events sk_psock_backlog ... [ 657.469610]
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-38164 – f2fs: zone: fix to avoid inconsistence in between SIT and SSA
https://notcve.org/view.php?id=CVE-2025-38164
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: fix to avoid inconsistence in between SIT and SSA w/ below testcase, it will cause inconsistence in between SIT and SSA. create_null_blk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount /dev/nullb0 /mnt/f2fs/ touch /mnt/f2fs/file f2fs_io pinfile set /mnt/f2fs/file fallocate -l 4GiB /mnt/f2fs/file F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #8... • https://git.kernel.org/stable/c/9703d69d9d153bb230711d0d577454552aeb13d4 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-38163 – f2fs: fix to do sanity check on sbi->total_valid_block_count
https://notcve.org/view.php?id=CVE-2025-38163
03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695 truncate_dnode+0x417/0x740 fs/f2fs/node.c:973 truncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014 f2fs_truncate_inode_blocks+0x8e3/0x1370 f... • https://git.kernel.org/stable/c/39a53e0ce0df01b3cf4bb898c7ae2fd2189647d5 •