CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-38553 – net/sched: Restrict conditions for adding duplicating netems to qdisc tree
https://notcve.org/view.php?id=CVE-2025-38553
19 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in netem_dequeue, as seen in [1]. Ensure that a duplicating netem cannot exist in a tree with other netems. Previous approaches suggested in discussions in chronological order: 1) Track duplication status or ttl in t... • https://git.kernel.org/stable/c/0afb51e72855971dba83b3c6b70c547c2d1161fd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38546 – atm: clip: Fix memory leak of struct clip_vcc.
https://notcve.org/view.php?id=CVE-2025-38546
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atm... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38542 – net: appletalk: Fix device refcount leak in atrtr_create()
https://notcve.org/view.php?id=CVE-2025-38542
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create() When updating an existing route entry in atrtr_create(), the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix this by calling dev_put() to release the old device reference before holding the new one. In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_... • https://git.kernel.org/stable/c/c7f905f0f6d49ed8c1aa4566c31f0383a0ba0c9d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38540 – HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
https://notcve.org/view.php?id=CVE-2025-38540
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should n... • https://git.kernel.org/stable/c/35f1a5360ac68d9629abbb3930a0a07901cba296 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38531 – iio: common: st_sensors: Fix use of uninitialize device structs
https://notcve.org/view.php?id=CVE-2025-38531
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a pan... • https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38514 – rxrpc: Fix oops due to non-existence of prealloc backlog struct
https://notcve.org/view.php?id=CVE-2025-38514
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and bound, but calls are preallocated, then rxrpc_alloc_incoming_call() will oops because the rxrpc_backlog struct doesn't get allocated until the first preallocation is made. Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no backlog struct. This will cause the incoming call to be aborted. In the Linux kernel, the... • https://git.kernel.org/stable/c/bf0ca6a1bc4fb904b598137c6718785a107e3adf •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38512 – wifi: prevent A-MSDU attacks in mesh networks
https://notcve.org/view.php?id=CVE-2025-38512
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks. This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a recei... • https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38503 – btrfs: fix assertion when building free space tree
https://notcve.org/view.php?id=CVE-2025-38503
16 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ------------[ cut here ]------------ kernel BUG at fs/btrfs/free-space-tree.c:1102! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules li... • https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58238 – Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test
https://notcve.org/view.php?id=CVE-2024-58238
09 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide with the power save timeout value of 2 seconds. Test procedure using bash script:
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-50233 – Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}
https://notcve.org/view.php?id=CVE-2022-50233
09 Aug 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be truncated or not. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL ter... • https://git.kernel.org/stable/c/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 •