CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38234 – sched/rt: Fix race in push_rt_task
https://notcve.org/view.php?id=CVE-2025-38234
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migr... • https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38232 – NFSD: fix race between nfsd registration and exports_proc
https://notcve.org/view.php?id=CVE-2025-38232
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race between below 2 operations: (i) exportfs -r (ii) mount -t nfsd none /proc/fs/nfsd for 5.4 kernel ARM64: CPU 1: el1_irq+0xbc/0x180 arch_counter_get_cntvct+0x14/0x18 running_clock+0xc/0x18 preempt_count_add+0x88/0x110 ... • https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b751486cce7e3822 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38230 – jfs: validate AG parameters in dbMount() to prevent crashes
https://notcve.org/view.php?id=CVE-2025-38230
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38229 – media: cxusb: no longer judge rbuf when the write fails
https://notcve.org/view.php?id=CVE-2025-38229
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not bei... • https://git.kernel.org/stable/c/22c6d93a73105fddd58796d7cb10f5f90ee2a338 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38218 – f2fs: fix to do sanity check on sit_bitmap_size
https://notcve.org/view.php?id=CVE-2025-38218
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid op... • https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38215 – fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38215
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ==================================================... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38214 – fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38214
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ================================================================ general prot... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38213 – vgacon: Add check for vc_origin address range in vgacon_scroll()
https://notcve.org/view.php?id=CVE-2025-38213
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: vgacon: Add check for vc_origin address range in vgacon_scroll() Our in-house Syzkaller reported the following BUG (twice), which we believed was the same issue with [1]: ================================================================== BUG: KASAN: slab-out-of-bounds in vcs_scr_readw+0xc2/0xd0 drivers/tty/vt/vt.c:4740 Read of size 2 at addr ffff88800f5bef60 by task syz.7.2620/12393 ... Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38212 – ipc: fix to protect IPCS lookups using RCU
https://notcve.org/view.php?id=CVE-2025-38212
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediat... • https://git.kernel.org/stable/c/b34a6b1da371ed8af1221459a18c67970f7e3d53 •