CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38224 – can: kvaser_pciefd: refine error prone echo_skb_max handling logic
https://notcve.org/view.php?id=CVE-2025-38224
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit of echo_skb[] allocated inside the netdevice's priv. The corresponding size value provided by this driver to alloc_candev() is KVASER_PCIEFD_CAN_TX_MAX_COUNT which is 17. But later echo_skb_max is rounded up to the nearest power of two (for the max case, that would be 32) and the tx/ack indices calculated further during tx... • https://git.kernel.org/stable/c/352fbde14177d608a54120b6ff559ce5b3cf6238 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38223 – ceph: avoid kernel BUG for encrypted inode with unaligned file size
https://notcve.org/view.php?id=CVE-2025-38223
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size (for example, 33K or 1K): [ 877.737811] run fstests generic/397 at 2025-01-03 12:34:40 [ 877.875761] libceph: mon0 (2)127.0.0.1:40674 session established [ 877.876130] libceph: client4614 fsid 19b90bca-f1ae-47a6-93dd-0b03ee637949 [ 877.991965] libceph: mon0 (2)127.0.0.1:40674 session... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38222 – ext4: inline: fix len overflow in ext4_prepare_inline_data
https://notcve.org/view.php?id=CVE-2025-38222
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ftruncate(fd, 30); pwrite(fd, "a", 1, (1UL << 40) + 5UL); That happens because write_begin will succeed as when ext4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len will be truncated, leading ... • https://git.kernel.org/stable/c/f19d5870cbf72d4cb2a8e1f749dff97af99b071e •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38221 – ext4: fix out of bounds punch offset
https://notcve.org/view.php?id=CVE-2025-38221
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds max_end is not permitted and will result in a negative length in the truncate_inode_partial_folio() function while truncating the page cache, potentially leading to undesirable consequences. A simple reproducer: truncate -s 9895604649994 /mnt/foo xfs_io -c "pwrite 8796093022208 4096" /mnt/foo xfs_io -c "fpunch 8796093022213 25769803777" /mnt/foo kernel BUG... • https://git.kernel.org/stable/c/982bf37da09d078570650b691d9084f43805a5de •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38220 – ext4: only dirty folios when data journaling regular files
https://notcve.org/view.php?id=CVE-2025-38220
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-38219 – f2fs: prevent kernel warning due to negative i_nlink from corrupted image
https://notcve.org/view.php?id=CVE-2025-38219
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: ... • https://git.kernel.org/stable/c/d9a55869d8237e677ddaa18b0f58586364cfbc1c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38218 – f2fs: fix to do sanity check on sit_bitmap_size
https://notcve.org/view.php?id=CVE-2025-38218
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sit_bitmap_size w/ below testcase, resize will generate a corrupted image which contains inconsistent metadata, so when mounting such image, it will trigger kernel panic: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid op... • https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38217 – hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
https://notcve.org/view.php?id=CVE-2025-38217
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ftsteutates) Fix TOCTOU race in fts_read() In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the code accesses the shared variable data->fan_source[channel] twice without holding any locks. It is first checked against FTS_FAN_SOURCE_INVALID, and if the check passes, it is read again when used as an argument to the BIT() macro. This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition. Another thread e... • https://git.kernel.org/stable/c/1c5759d8ce054961b454af69568a41e7e3210ee1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38216 – iommu/vt-d: Restore context entry setup order for aliased devices
https://notcve.org/view.php?id=CVE-2025-38216
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identity domain") changed the context entry setup during domain attachment from a set-and-check policy to a clear-and-reset approach. This inadvertently introduced a regression affecting PCI aliased devices behind PCIe-to-PCI bridges. Specifically, keyboard and touchpad stopped working on several Apple Macbooks with bel... • https://git.kernel.org/stable/c/2031c469f8161abe74189cb74f50da224f340b71 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38215 – fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
https://notcve.org/view.php?id=CVE-2025-38215
04 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr dereference in fb_videomode_to_var(), as the fb_info is registered while not having the mode in modelist that is expected to be there, i.e. the one that is described in fb_info->var. ==================================================... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •