CVE-2025-38444 raid10: cleanup memleak at raid10_make_request

In the Linux kernel, the following vulnerability has been resolved: raid10: cleanup memleak at raid10makerequest If raid10readrequest or raid10writerequest registers a new request and the REQNOWAIT flag is set, the code does not free the malloc from the mempool. unreferenced object...

CVE-2025-38427

In the Linux kernel, the following vulnerability has been resolved: video: screeninfo: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screeninfo framebuffers. Fixes invalid access to I/O memory. Resources behind a PCI host bridge can be relocated by a certain...

CVE-2025-38416 NFC: nci: uart: Set tty->disc_data only in success path

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in success path Setting tty-discdata before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before...

CVE-2025-38415

CVE-2025-38415 is a Linux kernel vulnerability affecting Squashfs where sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE) can return 0, causing msblk->devblksize to be 0 and leading to an out-of-bounds shift (64) in msblk->devblksize_log2. The issue stems from not handling a 0 return from sb_min_b...

CVE-2025-38302

Technical details about CVE-2025-38302 are not publicly provided in the connected documents. The Linux kernel fix is described at a high level; no vendor/product/version mappings or exploit details are included here. Monitor for updates from vendors/security advisories.

CVE-2025-38277 mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

CVE-2025-38209 nvme-tcp: remove tag set when second admin queue config fails

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 "nvme-fabrics: reset admin connection for secure concatenation" modified nvmetcpsetupctrl to call nvmetcpconfigureadminqueue twice. The first call...

CVE-2025-38136

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in usbhsprobe to enable runtime PM before accessing registers, preventing potential crashes due to uninitialized clocks...

CVE-2025-38137 PCI/pwrctrl: Cancel outstanding rescan work when unregistering

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Cancel outstanding rescan work when unregistering It's possible to trigger use-after-free here by: a forcing rescanworkfunc to take a long time and b utilizing a pwrctrl driver that may be unloaded for some reason...

CVE-2025-38106 io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()

In the Linux kernel, the following vulnerability has been resolved: iouring: fix use-after-free of sq-thread in iouringshowfdinfo syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: 0 UID: 0 PID: 304 Comm: a.out...

CVE-2025-38092 ksmbd: use list_first_entry_or_null for opinfo_get_list()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use listfirstentryornull for opinfogetlist The listfirstentry macro never returns NULL. If the list is empty then it returns an invalid pointer. Use listfirstentryornull to check if the list is empty...

CVE-2025-38084 mm/hugetlb: unshare page tables during VMA split, not before

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, splitvma triggers hugetlb page table unsharing through vmops-maysplit. This happens before the VMA lock and rmap locks are taken - which is too early, it...

CVE-2022-49977

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in isftracetrampoline when ftrace is dead ftracestartup does not remove ops from ftraceopslist when ftracestartupenable fails: registerftracefunction ftracestartup registerftracefunction...

CVE-2022-50068

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo-resource value before accessing the resource memtype. v2: Fix commit description unwrapped warning 40.191227 T184 general protection fault, probably for non-canonical address...

CVE-2022-50087 firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpiinfo is not set and will remain NULL until the probe succeeds. If it is not taken care, the...

CVE-2022-50061 pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Fix refcount leak in nmkpinctrldtsubnodetomap ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak."...

CVE-2025-38071 x86/mm: Check return value from memblock_phys_alloc_range()

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblockphysallocrange At least with CONFIGPHYSICALSTART=0x100000, if there is 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblockphysallocrange...

CVE-2025-38069 PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Fix a kernel oops found while testing the stm32pcie Endpoint driver with handling of PERST deassertion: During EP initialization, pciepftestallocspace...

CVE-2025-38004

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcmop runtime updates The CAN broadcast manager CAN BCM can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the...

CVE-2025-38003

CVE-2025-38003 affects the Linux kernel: the bcm subsystem generates procfs content for bcm_op objects, and removal without proper rcu protection could expose use-after-free data. The patch adds missing rcu_read_lock() and ensures list entries are removed under RCU, addressing UAF in procfs outpu...