CVE-2025-38647

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. Itlooks meaningless to hold wiphy lock on the early init stage so drop theassertion. WARNING: CPU...

CVE-2025-38648

In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that thepointer returned by of_device_get_match_data is not NULL beforeaccessing its members. This resolves a war...

CVE-2025-38649

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only asource device is enabled, the coresight_find_activated_sysfs_sink functionis r...

CVE-2025-38650

In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346hfsplus_free_extents+0x700/0xad0Call ...

CVE-2025-38651

In the Linux kernel, the following vulnerability has been resolved: landlock: Fix warning from KUnit tests get_id_range() expects a positive value as first argument butget_random_u8() can return 0. Fix this by clamping it. Validated by running the test in a for loop for 1000 times. Note that MAX() ...

CVE-2025-38652

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 truncate -s $((10241024 1024)) /mnt/f2fs/012345678901234567890123456789012345678901234567890123 touch /mn...

CVE-2025-38653

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF...

CVE-2025-38654

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix order of DT parse and pinctrl register Move DT parse before pinctrl register. This ensures that device treeparsing is done before calling devm_pinctrl_register() to prevent usinguninitialized pin resource...

CVE-2025-38657

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() The "link_id" value comes from the user via debugfs. If it's largerthan BITS_PER_LONG then that would result in shift wrapping andpotentially an out of bounds acc...

CVE-2025-38658

In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem:nvmet_req_init() calls __nvmet_req_complete() internally upon...

CVE-2025-38659

In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that hasthe filesystem mounted, gfs2 currently tries to replay the local journalto bring the filesystem back into a consistent state. Not o...

CVE-2025-38660

In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reasonwhy it uses kmemdup_nul() to build the argument for kstrtou64();the problem is, kstrtou64() is not t...

CVE-2025-38661

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmi_system_id array Add missing empty member to awcc_dmi_table.

CVE-2025-38662

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Given mt8365_dai_set_priv allocate priv_size space to copy priv_data whichmeans we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv"instead of afe_p...

CVE-2025-38663

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfsand causing malfunctions or assertion failures, add a missing sanity checkwhen reading an inode from a blo...

CVE-2025-38664

In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup()to prevent potential null pointer dereference.

CVE-2025-38665

In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device isrestarted from Bus Off and the driver does not implement the structcan_priv::do_...

CVE-2025-38666

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe,releases the aarp_lock, sleeps, then re-acquires the lock. During thatwindow an expire timer thread (__aar...

CVE-2025-38667

In the Linux kernel, the following vulnerability has been resolved: iio: fix potential out-of-bound write The buffer is set to 20 characters. If a caller write more characters,count is truncated to the max available space in "simple_write_to_buffer".To protect from OoB access, check that the input ...

CVE-2025-38668

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs canlead to NULL pointer dereference when regulators are accessed post-unbind. This can ...

CVE-2025-38669

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-shmem: Use dma_buf from GEM object instance" This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over theobject instance's lifetime. The field becom...

CVE-2025-38670

In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() cpu_switch_to() and call_on_irq_stack() manipulate SP to changeto different stacks along with the Shadow Call Stack if it is enabled.Those two stack changes cannot be d...

CVE-2025-38671

In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of theloop if the bus is kept active by a client. This is not expected. Amalicious or buggy i2c client can hang the ke...

CVE-2025-38672

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-dma: Use dma_buf from GEM object instance" This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dma_buf field in struct drm_gem_object is not stable over theobject instance's lifetime. The field becomes...

CVE-2025-38673

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dma_buf field in struct drm_gem_object is not stable over theobject instance's lifetime. The field...

CVE-2025-38675

In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize state_ptrs earlier in xfrm_state_find In case of preemption, xfrm_state_look_at will find a differentpcpu_id and look up states for that other CPU. If we matched a statefor CPU2 in the state_cache while the ...