| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2025-38000 | sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() | | |
| CVE-2025-38001 | net_sched: hfsc: Address reentrant enqueue adding class to eltree twice | | |
| CVE-2025-38002 | io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() | | |
| CVE-2025-38003 | can: bcm: add missing rcu read protection for procfs content | | |
| CVE-2025-38004 | can: bcm: add locking for bcm_op runtime updates | | |
| CVE-2025-38005 | dmaengine: ti: k3-udma: Add missing locking | | |
| CVE-2025-38006 | net: mctp: Don't access ifa_index when missing | | |
| CVE-2025-38007 | HID: uclogic: Add NULL check in uclogic_input_configured() | | |
| CVE-2025-38008 | mm/page_alloc: fix race condition in unaccepted memory handling | | |
| CVE-2025-38009 | wifi: mt76: disable napi on driver removal | | |
| CVE-2025-38010 | phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking | | |
| CVE-2025-38011 | drm/amdgpu: csa unmap use uninterruptible lock | | |
| CVE-2025-38012 | sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator | | |
| CVE-2025-38013 | wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request | | |
| CVE-2025-38014 | dmaengine: idxd: Refactor remove call with idxd_cleanup() helper | | |
| CVE-2025-38015 | dmaengine: idxd: fix memory leak in error handling path of idxd_alloc | | |
| CVE-2025-38016 | HID: bpf: abort dispatch if device destroyed | | |
| CVE-2025-38017 | fs/eventpoll: fix endless busy loop after timeout has expired | | |
| CVE-2025-38018 | net/tls: fix kernel panic when alloc_page failed | | |
| CVE-2025-38019 | mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices | | |
| CVE-2025-38020 | net/mlx5e: Disable MACsec offload for uplink representor profile | | |
| CVE-2025-38021 | drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp | | |
| CVE-2025-38022 | RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem | | |
| CVE-2025-38023 | nfs: handle failure of nfs_get_lock_context in unlock path | | |
| CVE-2025-38024 | RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug | | |
| CVE-2025-38025 | iio: adc: ad7606: check for NULL before calling sw_mode_config() | | |
| CVE-2025-38026 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2025-38027 | regulator: max20086: fix invalid memory access | | |
| CVE-2025-38028 | NFS/localio: Fix a race in nfs_local_open_fh() | | |
| CVE-2025-38029 | kasan: avoid sleepable page allocation from atomic context | | |
| CVE-2025-38030 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2025-38031 | padata: do not leak refcount in reorder_work | | |
| CVE-2025-38032 | mr: consolidate the ipmr_can_free_table() checks. | | |
| CVE-2025-38033 | x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 | | |
| CVE-2025-38034 | btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref | | |
| CVE-2025-38035 | nvmet-tcp: don't restore null sk_state_change | | |
| CVE-2025-38036 | drm/xe/vf: Perform early GT MMIO initialization to read GMDID | | |
| CVE-2025-38037 | vxlan: Annotate FDB data races | | |
| CVE-2025-38038 | cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost | | |
| CVE-2025-38039 | net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled | | |
| CVE-2025-38040 | serial: mctrl_gpio: split disable_ms into sync and no_sync APIs | | |
| CVE-2025-38041 | clk: sunxi-ng: h616: Reparent GPU clock during frequency changes | | |
| CVE-2025-38042 | dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn | | |
| CVE-2025-38043 | firmware: arm_ffa: Set dma_mask for ffa devices | | |
| CVE-2025-38044 | media: cx231xx: set device_caps for 417 | | |
| CVE-2025-38045 | wifi: iwlwifi: fix debug actions order | | |
| CVE-2025-38046 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2025-38047 | x86/fred: Fix system hang during S4 resume with FRED enabled | | |
| CVE-2025-38048 | virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN | | |
| CVE-2025-38049 | x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors | S | |
| CVE-2025-38050 | mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios | | |
| CVE-2025-38051 | smb: client: Fix use-after-free in cifs_fill_dirent | | |
| CVE-2025-38052 | net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done | | |
| CVE-2025-38053 | idpf: fix null-ptr-deref in idpf_features_check | | |
| CVE-2025-38054 | ptp: ocp: Limit signal/freq counts in summary output functions | | |
| CVE-2025-38055 | perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq | | |
| CVE-2025-38056 | ASoC: SOF: Intel: hda: Fix UAF when reloading module | | |
| CVE-2025-38057 | espintcp: fix skb leaks | | |
| CVE-2025-38058 | __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock | | |
| CVE-2025-38059 | btrfs: avoid NULL pointer dereference if no valid csum tree | | |
| CVE-2025-38060 | bpf: copy_verifier_state() should copy 'loop_entry' field | | |
| CVE-2025-38061 | net: pktgen: fix access outside of user given buffer in pktgen_thread_write() | | |
| CVE-2025-38062 | genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie | | |
| CVE-2025-38063 | dm: fix unconditional IO throttle caused by REQ_PREFLUSH | | |
| CVE-2025-38064 | virtio: break and reset virtio devices on device_shutdown() | | |
| CVE-2025-38065 | orangefs: Do not truncate file size | | |
| CVE-2025-38066 | dm cache: prevent BUG_ON by blocking retries on failed device resumes | | |
| CVE-2025-38067 | rseq: Fix segfault on registration when rseq_cs is non-zero | | |
| CVE-2025-38068 | crypto: lzo - Fix compression buffer overrun | | |
| CVE-2025-38069 | PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops | | |
| CVE-2025-38070 | ASoC: sma1307: Add NULL check in sma1307_setting_loaded() | | |
| CVE-2025-38071 | x86/mm: Check return value from memblock_phys_alloc_range() | | |
| CVE-2025-38072 | libnvdimm/labels: Fix divide error in nd_label_data_init() | | |
| CVE-2025-38073 | block: fix race between set_blocksize and read paths | | |
| CVE-2025-38074 | vhost-scsi: protect vq->log_used with vq->mutex | | |
| CVE-2025-38075 | scsi: target: iscsi: Fix timeout on deleted connection | | |
| CVE-2025-38076 | alloc_tag: allocate percpu counters for module tags dynamically | | |
| CVE-2025-38077 | platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() | | |
| CVE-2025-38078 | ALSA: pcm: Fix race of buffer access at PCM OSS layer | | |
| CVE-2025-38079 | crypto: algif_hash - fix double free in hash_accept | | |
| CVE-2025-38080 | drm/amd/display: Increase block_sequence array size | | |
| CVE-2025-38081 | spi-rockchip: Fix register out of bounds access | | |
| CVE-2025-38082 | gpio: virtuser: fix potential out-of-bound write | | |
| CVE-2025-38083 | net_sched: prio: fix a race in prio_tune() | | |
| CVE-2025-38084 | mm/hugetlb: unshare page tables during VMA split, not before | | |
| CVE-2025-38085 | mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race | | |
| CVE-2025-38086 | net: ch9200: fix uninitialised access during mii_nway_restart | | |
| CVE-2025-38087 | net/sched: fix use-after-free in taprio_dev_notifier | | |
| CVE-2025-38088 | powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap | | |
| CVE-2025-38089 | sunrpc: handle SVC_GARBAGE during svc auth processing as auth error | | |
| CVE-2025-38090 | drivers/rapidio/rio_cm.c: prevent possible heap overwrite | | |
| CVE-2025-38091 | drm/amd/display: check stream id dml21 wrapper to get plane_id | | |
| CVE-2025-38092 | ksmbd: use list_first_entry_or_null for opinfo_get_list() | | |
| CVE-2025-38093 | arm64: dts: qcom: x1e80100: Add GPU cooling | | |
| CVE-2025-38094 | net: cadence: macb: Fix a possible deadlock in macb_halt_tx. | | |
| CVE-2025-38095 | dma-buf: insert memory barrier before updating num_fences | | |
| CVE-2025-38096 | wifi: iwlwifi: don't warn when if there is a FW error | | |
| CVE-2025-38097 | espintcp: remove encap socket caching to avoid reference leak | | |
| CVE-2025-38098 | drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink | | |
| CVE-2025-38099 | Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken | | |
| CVE-2025-38100 | x86/iopl: Cure TIF_IO_BITMAP inconsistencies | | |
| CVE-2025-38101 | ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() | | |
| CVE-2025-38102 | VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify | | |
| CVE-2025-38103 | HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() | | |
| CVE-2025-38104 | drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV | | |
| CVE-2025-38105 | ALSA: usb-audio: Kill timer properly at removal | | |
| CVE-2025-38106 | io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() | | |
| CVE-2025-38107 | net_sched: ets: fix a race in ets_qdisc_change() | | |
| CVE-2025-38108 | net_sched: red: fix a race in __red_change() | | |
| CVE-2025-38109 | net/mlx5: Fix ECVF vports unload on shutdown flow | | |
| CVE-2025-38110 | net/mdiobus: Fix potential out-of-bounds clause 45 read/write access | | |
| CVE-2025-38111 | net/mdiobus: Fix potential out-of-bounds read/write access | | |
| CVE-2025-38112 | net: Fix TOCTOU issue in sk_is_readable() | | |
| CVE-2025-38113 | ACPI: CPPC: Fix NULL pointer dereference when nosmp is used | | |
| CVE-2025-38114 | e1000: Move cancel_work_sync to avoid deadlock | | |
| CVE-2025-38115 | net_sched: sch_sfq: fix a potential crash on gso_skb handling | | |
| CVE-2025-38116 | wifi: ath12k: fix uaf in ath12k_core_init() | | |
| CVE-2025-38117 | Bluetooth: MGMT: Protect mgmt_pending list with its own lock | | |
| CVE-2025-38118 | Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete | | |
| CVE-2025-38119 | scsi: core: ufs: Fix a hang in the error handler | | |
| CVE-2025-38120 | netfilter: nf_set_pipapo_avx2: fix initial map fill | | |
| CVE-2025-38121 | wifi: iwlwifi: mld: avoid panic on init failure | | |
| CVE-2025-38122 | gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO | | |
| CVE-2025-38123 | net: wwan: t7xx: Fix napi rx poll issue | | |
| CVE-2025-38124 | net: fix udp gso skb_segment after pull from frag_list | | |
| CVE-2025-38125 | net: stmmac: make sure that ptp_rate is not 0 before configuring EST | | |
| CVE-2025-38126 | net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping | | |
| CVE-2025-38127 | ice: fix Tx scheduler error handling in XDP callback | | |
| CVE-2025-38128 | Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands | | |
| CVE-2025-38129 | page_pool: Fix use-after-free in page_pool_recycle_in_ring | | |
| CVE-2025-38130 | drm/connector: only call HDMI audio helper plugged cb if non-null | | |
| CVE-2025-38131 | coresight: prevent deactivate active config while enabling the config | | |
| CVE-2025-38132 | coresight: holding cscfg_csdev_lock while removing cscfg from csdev | | |
| CVE-2025-38133 | iio: adc: ad4851: fix ad4858 chan pointer handling | | |
| CVE-2025-38134 | usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() | | |
| CVE-2025-38135 | serial: Fix potential null-ptr-deref in mlb_usio_probe() | | |
| CVE-2025-38136 | usb: renesas_usbhs: Reorder clock handling and power management in probe | | |
| CVE-2025-38137 | PCI/pwrctrl: Cancel outstanding rescan work when unregistering | | |
| CVE-2025-38138 | dmaengine: ti: Add NULL check in udma_probe() | | |
| CVE-2025-38139 | netfs: Fix oops in write-retry from mis-resetting the subreq iterator | | |
| CVE-2025-38140 | dm: limit swapping tables for devices with zone write plugs | | |
| CVE-2025-38141 | dm: fix dm_blk_report_zones | | |
| CVE-2025-38142 | hwmon: (asus-ec-sensors) check sensor index in read_string() | | |
| CVE-2025-38143 | backlight: pm8941: Add NULL check in wled_configure() | | |
| CVE-2025-38144 | watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() | | |
| CVE-2025-38145 | soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() | | |
| CVE-2025-38146 | net: openvswitch: Fix the dead loop of MPLS parse | | |
| CVE-2025-38147 | calipso: Don't call calipso functions for AF_INET sk. | | |
| CVE-2025-38148 | net: phy: mscc: Fix memory leak when using one step timestamping | | |
| CVE-2025-38149 | net: phy: clear phydev->devlink when the link is deleted | | |
| CVE-2025-38150 | af_packet: move notifier's packet_dev_mc out of rcu critical section | | |
| CVE-2025-38151 | RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work | | |
| CVE-2025-38152 | remoteproc: core: Clear table_sz when rproc_shutdown | S | |
| CVE-2025-38153 | net: usb: aqc111: fix error handling of usbnet read calls | | |
| CVE-2025-38154 | bpf, sockmap: Avoid using sk_socket after free when sending | | |
| CVE-2025-38155 | wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() | | |
| CVE-2025-38156 | wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() | | |
| CVE-2025-38157 | wifi: ath9k_htc: Abort software beacon handling if disabled | | |
| CVE-2025-38158 | hisi_acc_vfio_pci: fix XQE dma address error | | |
| CVE-2025-38159 | wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds | | |
| CVE-2025-38160 | clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() | | |
| CVE-2025-38161 | RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction | | |
| CVE-2025-38162 | netfilter: nft_set_pipapo: prevent overflow in lookup table allocation | | |
| CVE-2025-38163 | f2fs: fix to do sanity check on sbi->total_valid_block_count | | |
| CVE-2025-38164 | f2fs: zone: fix to avoid inconsistence in between SIT and SSA | | |
| CVE-2025-38165 | bpf, sockmap: Fix panic when calling skb_linearize | | |
| CVE-2025-38166 | bpf: fix ktls panic with sockmap | | |
| CVE-2025-38167 | fs/ntfs3: handle hdr_first_de() return value | | |
| CVE-2025-38168 | perf: arm-ni: Unregister PMUs on probe failure | | |
| CVE-2025-38169 | arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP | | |
| CVE-2025-38170 | arm64/fpsimd: Discard stale CPU state when handling SME traps | | |
| CVE-2025-38171 | power: supply: max77705: Fix workqueue error handling in probe | | |
| CVE-2025-38172 | erofs: avoid using multiple devices with different type | | |
| CVE-2025-38173 | crypto: marvell/cesa - Handle zero-length skcipher requests | | |
| CVE-2025-38174 | thunderbolt: Do not double dequeue a configuration request | | |
| CVE-2025-38175 | binder: fix yet another UAF in binder_devices | | |
| CVE-2025-38176 | binder: fix use-after-free in binderfs_evict_inode() | | |
| CVE-2025-38177 | sch_hfsc: make hfsc_qlen_notify() idempotent | | |
| CVE-2025-38178 | EDAC/igen6: Fix NULL pointer dereference | | |
| CVE-2025-38179 | smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma() | | |
| CVE-2025-38180 | net: atm: fix /proc/net/atm/lec handling | | |
| CVE-2025-38181 | calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). | | |
| CVE-2025-38182 | ublk: santizize the arguments from userspace when adding a device | | |
| CVE-2025-38183 | net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() | | |
| CVE-2025-38184 | tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer | | |
| CVE-2025-38185 | atm: atmtcp: Free invalid length skb in atmtcp_c_send(). | | |
| CVE-2025-38186 | bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() | | |
| CVE-2025-38187 | drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() | | |
| CVE-2025-38188 | drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE | | |
| CVE-2025-38189 | drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` | | |
| CVE-2025-38190 | atm: Revert atm_account_tx() if copy_from_iter_full() fails. | | |
| CVE-2025-38191 | ksmbd: fix null pointer dereference in destroy_previous_session | | |
| CVE-2025-38192 | net: clear the dst when changing skb protocol | | |
| CVE-2025-38193 | net_sched: sch_sfq: reject invalid perturb period | | |
| CVE-2025-38194 | jffs2: check that raw node were preallocated before writing summary | | |
| CVE-2025-38195 | LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() | | |
| CVE-2025-38196 | io_uring/rsrc: validate buffer count with offset for cloning | | |
| CVE-2025-38197 | platform/x86: dell_rbu: Fix list usage | | |
| CVE-2025-38198 | fbcon: Make sure modelist not set on unregistered console | | |
| CVE-2025-38199 | wifi: ath12k: Fix memory leak due to multiple rx_stats allocation | | |
| CVE-2025-38200 | i40e: fix MMIO write access to an invalid page in i40e_clear_hw | | |
| CVE-2025-38201 | netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX | | |
| CVE-2025-38202 | bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() | | |
| CVE-2025-38203 | jfs: Fix null-ptr-deref in jfs_ioc_trim | | |
| CVE-2025-38204 | jfs: fix array-index-out-of-bounds read in add_missing_indices | | |
| CVE-2025-38205 | drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 | | |
| CVE-2025-38206 | exfat: fix double free in delayed_free | | |
| CVE-2025-38207 | mm: fix uprobe pte be overwritten when expanding vma | | |
| CVE-2025-38208 | smb: client: add NULL check in automount_fullpath | | |
| CVE-2025-38209 | nvme-tcp: remove tag set when second admin queue config fails | | |
| CVE-2025-38210 | configfs-tsm-report: Fix NULL dereference of tsm_ops | | |
| CVE-2025-38211 | RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction | | |
| CVE-2025-38212 | ipc: fix to protect IPCS lookups using RCU | | |
| CVE-2025-38213 | vgacon: Add check for vc_origin address range in vgacon_scroll() | | |
| CVE-2025-38214 | fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var | | |
| CVE-2025-38215 | fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var | | |
| CVE-2025-38216 | iommu/vt-d: Restore context entry setup order for aliased devices | | |
| CVE-2025-38217 | hwmon: (ftsteutates) Fix TOCTOU race in fts_read() | | |
| CVE-2025-38218 | f2fs: fix to do sanity check on sit_bitmap_size | | |
| CVE-2025-38219 | f2fs: prevent kernel warning due to negative i_nlink from corrupted image | | |
| CVE-2025-38220 | ext4: only dirty folios when data journaling regular files | | |
| CVE-2025-38221 | ext4: fix out of bounds punch offset | | |
| CVE-2025-38222 | ext4: inline: fix len overflow in ext4_prepare_inline_data | | |
| CVE-2025-38223 | ceph: avoid kernel BUG for encrypted inode with unaligned file size | | |
| CVE-2025-38224 | can: kvaser_pciefd: refine error prone echo_skb_max handling logic | | |
| CVE-2025-38225 | media: imx-jpeg: Cleanup after an allocation error | | |
| CVE-2025-38226 | media: vivid: Change the siize of the composing | | |
| CVE-2025-38227 | media: vidtv: Terminating the subsequent process of initialization failure | | |
| CVE-2025-38228 | media: imagination: fix a potential memory leak in e5010_probe() | | |
| CVE-2025-38229 | media: cxusb: no longer judge rbuf when the write fails | | |
| CVE-2025-38230 | jfs: validate AG parameters in dbMount() to prevent crashes | | |
| CVE-2025-38231 | nfsd: Initialize ssc before laundromat_work to prevent NULL dereference | | |
| CVE-2025-38232 | NFSD: fix race between nfsd registration and exports_proc | | |
| CVE-2025-38233 | powerpc64/ftrace: fix clobbered r15 during livepatching | | |
| CVE-2025-38234 | sched/rt: Fix race in push_rt_task | | |
| CVE-2025-38235 | HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting | | |
| CVE-2025-38236 | af_unix: Don't leave consecutive consumed OOB skbs. | | |
| CVE-2025-38237 | media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() | | |
| CVE-2025-38238 | scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out | | |
| CVE-2025-38239 | scsi: megaraid_sas: Fix invalid node index | | |
| CVE-2025-38240 | drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr | | |
| CVE-2025-38241 | mm/shmem, swap: fix softlockup with mTHP swapin | | |
| CVE-2025-38242 | mm: userfaultfd: fix race of userfaultfd_move and swap cache | | |
| CVE-2025-38243 | btrfs: fix invalid inode pointer dereferences during log replay | | |
| CVE-2025-38244 | smb: client: fix potential deadlock when reconnecting channels | | |
| CVE-2025-38245 | atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). | | |
| CVE-2025-38246 | bnxt: properly flush XDP redirect lists | | |
| CVE-2025-38247 | userns and mnt_idmap leak in open_tree_attr(2) | | |
| CVE-2025-38248 | bridge: mcast: Fix use-after-free during router port configuration | | |
| CVE-2025-38249 | ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() | | |
| CVE-2025-38250 | Bluetooth: hci_core: Fix use-after-free in vhci_flush() | | |
| CVE-2025-38251 | atm: clip: prevent NULL deref in clip_push() | | |
| CVE-2025-38252 | cxl/ras: Fix CPER handler device confusion | | |
| CVE-2025-38253 | HID: wacom: fix crash in wacom_aes_battery_handler() | | |
| CVE-2025-38254 | drm/amd/display: Add sanity checks for drm_edid_raw() | | |
| CVE-2025-38255 | lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() | | |
| CVE-2025-38256 | io_uring/rsrc: fix folio unpinning | | |
| CVE-2025-38257 | s390/pkey: Prevent overflow in size calculation for memdup_user() | | |
| CVE-2025-38258 | mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write | | |
| CVE-2025-38259 | ASoC: codecs: wcd9335: Fix missing free of regulator supplies | | |
| CVE-2025-38260 | btrfs: handle csum tree error with rescue=ibadroots correctly | | |
| CVE-2025-38261 | riscv: save the SR_SUM status over switches | | |
| CVE-2025-38262 | tty: serial: uartlite: register uart driver in init | | |
| CVE-2025-38263 | bcache: fix NULL pointer in cache_set_flush() | | |
| CVE-2025-38264 | nvme-tcp: sanitize request list handling | | |
| CVE-2025-38265 | serial: jsm: fix NPE during jsm_uart_port_init | | |
| CVE-2025-38266 | pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms | | |
| CVE-2025-38267 | ring-buffer: Do not trigger WARN_ON() due to a commit_overrun | | |
| CVE-2025-38268 | usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work | | |
| CVE-2025-38269 | btrfs: exit after state insertion failure at btrfs_convert_extent_bit() | | |
| CVE-2025-38270 | net: drv: netdevsim: don't napi_complete() from netpoll | | |
| CVE-2025-38271 | net: prevent a NULL deref in rtnl_create_link() | | |
| CVE-2025-38272 | net: dsa: b53: do not enable EEE on bcm63xx | | |
| CVE-2025-38273 | net: tipc: fix refcount warning in tipc_aead_encrypt | | |
| CVE-2025-38274 | fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() | | |
| CVE-2025-38275 | phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug | | |
| CVE-2025-38276 | fs/dax: Fix "don't skip locked entries when scanning entries" | | |
| CVE-2025-38277 | mtd: nand: ecc-mxic: Fix use of uninitialized variable ret | | |
| CVE-2025-38278 | octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback | | |
| CVE-2025-38279 | bpf: Do not include stack ptr register in precision backtracking bookkeeping | | |
| CVE-2025-38280 | bpf: Avoid __bpf_prog_ret0_warn when jit fails | | |
| CVE-2025-38281 | wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init | | |
| CVE-2025-38282 | kernfs: Relax constraint in draining guard | | |
| CVE-2025-38283 | hisi_acc_vfio_pci: bugfix live migration function without VF device driver | | |
| CVE-2025-38284 | wifi: rtw89: pci: configure manual DAC mode via PCI config API only | | |
| CVE-2025-38285 | bpf: Fix WARN() in get_bpf_raw_tp_regs | | |
| CVE-2025-38286 | pinctrl: at91: Fix possible out-of-boundary access | | |
| CVE-2025-38287 | IB/cm: Drop lockdep assert and WARN when freeing old msg | | |
| CVE-2025-38288 | scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels | | |
| CVE-2025-38289 | scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk | | |
| CVE-2025-38290 | wifi: ath12k: fix node corruption in ar->arvifs list | | |
| CVE-2025-38291 | wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash | | |
| CVE-2025-38292 | wifi: ath12k: fix invalid access to memory | | |
| CVE-2025-38293 | wifi: ath11k: fix node corruption in ar->arvifs list | | |
| CVE-2025-38294 | wifi: ath12k: fix NULL access in assign channel context handler | | |
| CVE-2025-38295 | perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() | | |
| CVE-2025-38296 | ACPI: platform_profile: Avoid initializing on non-ACPI platforms | | |
| CVE-2025-38297 | PM: EM: Fix potential division-by-zero error in em_compute_costs() | | |
| CVE-2025-38298 | EDAC/skx_common: Fix general protection fault | | |
| CVE-2025-38299 | ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() | | |
| CVE-2025-38300 | crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() | | |
| CVE-2025-38301 | nvmem: zynqmp_nvmem: unbreak driver after cleanup | | |
| CVE-2025-38302 | block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work | | |
| CVE-2025-38303 | Bluetooth: eir: Fix possible crashes on eir_create_adv_data | | |
| CVE-2025-38304 | Bluetooth: Fix NULL pointer deference on eir_get_service_data | | |
| CVE-2025-38305 | ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() | | |
| CVE-2025-38306 | fs/fhandle.c: fix a race in call of has_locked_children() | | |
| CVE-2025-38307 | ASoC: Intel: avs: Verify content returned by parse_int_array() | | |
| CVE-2025-38308 | ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw | | |
| CVE-2025-38309 | drm/xe/vm: move xe_svm_init() earlier | | |
| CVE-2025-38310 | seg6: Fix validation of nexthop addresses | | |
| CVE-2025-38311 | iavf: get rid of the crit lock | | |
| CVE-2025-38312 | fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() | | |
| CVE-2025-38313 | bus: fsl-mc: fix double-free on mc_dev | | |
| CVE-2025-38314 | virtio-pci: Fix result size returned for the admin command completion | | |
| CVE-2025-38315 | Bluetooth: btintel: Check dsbr size from EFI variable | | |
| CVE-2025-38316 | wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() | | |
| CVE-2025-38317 | wifi: ath12k: Fix buffer overflow in debugfs | | |
| CVE-2025-38318 | perf: arm-ni: Fix missing platform_set_drvdata() | | |
| CVE-2025-38319 | drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table | | |
| CVE-2025-38320 | arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() | | |
| CVE-2025-38321 | smb: Log an error when close_all_cached_dirs fails | | |
| CVE-2025-38322 | perf/x86/intel: Fix crash in icl_update_topdown_event() | | |
| CVE-2025-38323 | net: atm: add lec_mutex | | |
| CVE-2025-38324 | mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). | | |
| CVE-2025-38325 | ksmbd: add free_transport ops in ksmbd connection | | |
| CVE-2025-38326 | aoe: clean device rq_list in aoedev_downdev() | | |
| CVE-2025-38327 | fgraph: Do not enable function_graph tracer when setting funcgraph-args | | |
| CVE-2025-38328 | jffs2: check jffs2_prealloc_raw_node_refs() result in few other places | | |
| CVE-2025-38329 | firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info) | | |
| CVE-2025-38330 | firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache) | | |
| CVE-2025-38331 | net: ethernet: cortina: Use TOE/TSO on all TCP | | |
| CVE-2025-38332 | scsi: lpfc: Use memcpy() for BIOS version | | |
| CVE-2025-38333 | f2fs: fix to bail out in get_new_segment() | | |
| CVE-2025-38334 | x86/sgx: Prevent attempts to reclaim poisoned pages | | |
| CVE-2025-38335 | Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT | | |
| CVE-2025-38336 | ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 | | |
| CVE-2025-38337 | jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() | | |
| CVE-2025-38338 | fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() | | |
| CVE-2025-38339 | powerpc/bpf: fix JIT code size calculation of bpf trampoline | | |
| CVE-2025-38340 | firmware: cs_dsp: Fix OOB memory read access in KUnit test | | |
| CVE-2025-38341 | eth: fbnic: avoid double free when failing to DMA-map FW msg | | |
| CVE-2025-38342 | software node: Correct a OOB check in software_node_get_reference_args() | | |
| CVE-2025-38343 | wifi: mt76: mt7996: drop fragments with multicast or broadcast RA | | |
| CVE-2025-38344 | ACPICA: fix acpi parse and parseext cache leaks | | |
| CVE-2025-38345 | ACPICA: fix acpi operand cache leak in dswstate.c | | |
| CVE-2025-38346 | ftrace: Fix UAF when lookup kallsym after ftrace disabled | | |
| CVE-2025-38347 | f2fs: fix to do sanity check on ino and xnid | | |
| CVE-2025-38348 | wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() | | |
| CVE-2025-38479 | dmaengine: fsl-edma: free irq correctly in remove path | | |
| CVE-2025-38575 | ksmbd: use aead_request_free to match aead_request_alloc | | |
| CVE-2025-38637 | net_sched: skbprio: Remove overly strict queue assertions | |