11047 matches found
CVE-2025-38232
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race betw...
CVE-2025-38261
In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load especia...
CVE-2025-38469
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvm_xen_schedop_poll does a kmalloc_array() when a VM polls the host for more than one event channel port (nr_ports > 1). After the kmalloc_array(), the ...
CVE-2025-38491
In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline] WARNING: CPU: 1 PID: 7704...
CVE-2016-3907
An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...
CVE-2022-50004
In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev == NULL) through xfrm interface we can hit a null pointer dereference[1] in xfrmi_xmit2(...
CVE-2024-57983
In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq are intended to save and restore the interrupt mask registers in the MBOXICU0. However, the arra...
CVE-2025-38036
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for that assume that the GT has its MMIO members already setup. However, du...
CVE-2025-38092
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty then it returns an invalid pointer. Use list_first_entry_or_null() to check if the list is empty.
CVE-2025-38253
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity") introduced wacom_aes_battery_handler() which is scheduled as a delayed work (aes_battery_work)...
CVE-2025-38269
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled,...
CVE-2025-38284
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: configure manual DAC mode via PCI config API only To support 36-bit DMA, configure chip proprietary bit via PCI config API or chip DBI interface. However, the PCI device mmap isn't set yet and the DBI is also inacce...
CVE-2025-38295
In the Linux kernel, the following vulnerability has been resolved: perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() The Amlogic DDR PMU driver meson_ddr_pmu_create() function incorrectly uses smp_processor_id(), which assumes disabled preemption. This l...
CVE-2025-38321
In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when close_all_cached_dirs fails Under low-memory conditions, close_all_cached_dirs() can't move the dentries to a separate list to dput() them once the locks are dropped. This will result in a "Dentry still in use"...
CVE-2025-38333
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in get_new_segment() ------------[ cut here ]------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc pc : new_curseg+0x5e8/0x6dc Call trace: new_curseg+0x5e8/0x6dc f2fs_allocate_data_...
CVE-2025-38347
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. Not tainted 6.14.0-rc7-syzkaller-00069-g81e4f8d68c66 #0 "echo 0 > /proc/sys/kerne...
CVE-2025-38438
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 (...
CVE-2025-38493
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash in timerlat_dump_stack() We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 byte write of buffer size 0 WARNING: CPU:...
CVE-2023-4130
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea...
CVE-2025-38125
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptp_rate is not 0 before configuring EST If the ptp_rate recorded earlier in the driver happens to be 0, this bogus value will propagate up to EST configuration, where it will trigger a division by 0. Prev...
CVE-2025-38140
In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dm_revalidate_zones() only allowed new or previously unzoned devices to call blk_revalidate_disk_zones(). If the device was already zoned, disk->nr_zones would always equ...
CVE-2025-38169
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME are ...
CVE-2025-38359
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix in_atomic() handling in do_secure_storage_access() Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be se...
CVE-2025-38360
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees [WHY] For non-zero DSC instances it's possible that the HUBP domain required to drive it for sequential ONO ASICs isn't met, potentially causing the logic to the tile to e...
CVE-2025-38408
In the Linux kernel, the following vulnerability has been resolved: genirq/irq_sim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulation work context. Otherwise the pointers contain random content le...
CVE-2025-38440
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it assumes rq->dim or sq-...
CVE-2025-38038
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path i...
CVE-2025-38042
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can run on multiple platforms having different DMA architectures. On some platforms the...
CVE-2025-38141
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are a...
CVE-2025-38164
In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: fix to avoid inconsistence in between SIT and SSA w/ below testcase, it will cause inconsistence in between SIT and SSA. create_null_blk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount /dev/nullb0 /mnt/f2fs/ touch /mnt/f2fs...
CVE-2025-38195
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0... Call Trace: [] huge_pte_offset+0x3c/0x58 [] hugetlb_follow_page_mask+0x74/0x438 [] __get_u...
CVE-2025-38242
In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup ret...
CVE-2025-38270
In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete() from it, since it may not be scheduled. Breno reports hitting a warning in napi_complete_done(): WARNING: CPU...
CVE-2025-38297
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix potential division-by-zero error in em_compute_costs() When the device is of a non-CPU type, table[i].performance won't be initialized in the previous em_init_performance(), resulting in division by zero when calculating ...
CVE-2025-38322
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper...
CVE-2025-38368
In the Linux kernel, the following vulnerability has been resolved: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() The returned value, pfsm->miscdev.name, from devm_kasprintf() could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar...
CVE-2025-38500
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to...
CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 Calling core::fmt::write() from rust code while FineIBT is enabled results in a kernel panic: [ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132! [ 4614.205343...
CVE-2025-38055
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq Currently, using PEBS-via-PT with a sample frequency instead of a sample period, causes a segfault. For example: BUG: kernel NULL pointer dereference, address: 000000000...
CVE-2025-38096
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: don't warn when if there is a FW error iwl_trans_reclaim is warning if it is called when the FW is not alive. But if it is called when there is a pending restart, i.e. after a FW error, there is no need to warn, instea...
CVE-2025-38156
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference. Prevent null pointer ...
CVE-2025-38179
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() This fixes the following problem: [ 749.901015] [ T8673] run fstests cifs/001 at 2025-06-17 09:40:30 [ 750.346409] [ T9870] ==========================================...
CVE-2025-38223
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size (for example, 33K or 1K): [ 877.737811] run fstests generic/397 at 2025-...
CVE-2025-38228
In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010_probe() Add video_device_release() to release the memory allocated by video_device_alloc() if something goes wrong.
CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
CVE-2025-38301
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbreak driver after cleanup Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context paramet...
CVE-2025-38306
In the Linux kernel, the following vulnerability has been resolved: fs/fhandle.c: fix a race in call of has_locked_children() may_decode_fh() is calling has_locked_children() while holding no locks. That's an oopsable race... The rest of the callers are safe since they are holding namespace_sem and a...
CVE-2022-50042
In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing as it currently gives...
CVE-2022-50058
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. Wh...
CVE-2022-50230
In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is ...