CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38308 – ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw
https://notcve.org/view.php?id=CVE-2025-38308
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before being used. As 'template' is already known when avs_hw_constraints_init() is fired, drop the search entirely. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw Search result of avs_dai_find_path_template() shall be verified before ... • https://git.kernel.org/stable/c/f2f847461fb7620e299be873cdd9437ddecd2266 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38307 – ASoC: Intel: avs: Verify content returned by parse_int_array()
https://notcve.org/view.php?id=CVE-2025-38307
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element... • https://git.kernel.org/stable/c/5a565ba23abe478f3d4c3b0c8798bcb5215b82f5 •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-38306 – fs/fhandle.c: fix a race in call of has_locked_children()
https://notcve.org/view.php?id=CVE-2025-38306
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks. That's an oopsable race... The rest of the callers are safe since they are holding namespace_sem and are guaranteed a positive refcount on the mount in question. Rename the current has_locked_children() to __has_locked_children(), make it static and switch the fs/namespace.c users to it. Make has_locked_children... • https://git.kernel.org/stable/c/620c266f394932e5decc4b34683a75dfc59dc2f4 •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38305 – ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
https://notcve.org/view.php?id=CVE-2025-38305
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() There is no disagreement that we should check both ptp->is_virtual_clock and ptp->n_vclocks to check if the ptp virtual clock is in use. However, when we acquire ptp->n_vclocks_mux to read ptp->n_vclocks in ptp_vclock_in_use(), we observe a recursive lock in the call trace starting from n_vclocks_store(). ============================================ WARNING: possible recursive lo... • https://git.kernel.org/stable/c/73f37068d540eba5f93ba3a0019bf479d35ebd76 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38304 – Bluetooth: Fix NULL pointer deference on eir_get_service_data
https://notcve.org/view.php?id=CVE-2025-38304
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIR_SERVICE_DATA. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIR_SERVICE_DA... • https://git.kernel.org/stable/c/8f9ae5b3ae80f168a6224529e3787f4fb27f299a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38303 – Bluetooth: eir: Fix possible crashes on eir_create_adv_data
https://notcve.org/view.php?id=CVE-2025-38303
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eir_create_adv_data eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER without checking if that would fit. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eir_create_adv_data eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER without checking if that would fit. • https://git.kernel.org/stable/c/01ce70b0a274bd76a5a311fb90d4d446d9bdfea1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38302 – block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work
https://notcve.org/view.php?id=CVE-2025-38302
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Bios queued up in the zone write plug have already gone through all all preparation in the submit_bio path, including the freeze protection. Submitting them through submit_bio_noacct_nocheck duplicates the work and can can cause deadlocks when freezing a queue with pending bio write plugs. Go straight to ->submit_bio or blk_mq_submit_bio to bypass the superfluous extra fr... • https://git.kernel.org/stable/c/9b1ce7f0c6f82e241196febabddba5fab66c8f05 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38301 – nvmem: zynqmp_nvmem: unbreak driver after cleanup
https://notcve.org/view.php?id=CVE-2025-38301
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbreak driver after cleanup Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter comes from nvmem_config.priv which is never set - Leading to null pointer exceptions when the device is accessed. In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbre... • https://git.kernel.org/stable/c/29be47fcd6a06ea2e79eeeca6e69ad1e23254a69 •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38300 – crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
https://notcve.org/view.php?id=CVE-2025-38300
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Fix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare(): 1] If dma_map_sg() fails for areq->dst, the device driver would try to free DMA memory it has not allocated in the first place. To fix this, on the "theend_sgs" error path, call dma unmap only if the corresponding dma map was successful. 2] If the dma_map_single() call for the IV fails, the dev... • https://git.kernel.org/stable/c/06f751b613296cc34b86fc83fccaf30d646eb8bc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-38299 – ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
https://notcve.org/view.php?id=CVE-2025-38299
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(), in the case the codec dai_name will be null. Avoid a crash if the device tree is not assigning a codec to these links. [ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 1.181065] Mem abort info: [ 1.181420] ESR = 0x0000000096000004 [ 1.181892] EC = 0x25: DABT (current EL), IL =... • https://git.kernel.org/stable/c/e70b8dd26711704b1ff1f1b4eb3d048ba69e29da •