5.5
CVE-2025-38610 - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible during runtiβ¦
5.5
CVE-2025-38609 - PM / devfreq: Check governor before using governor->name
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But devfreq->governor β¦
5.5
CVE-2025-38608 - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket poliβ¦
5.5
CVE-2025-38605 - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could become NULL and thβ¦
5.5
CVE-2025-38602 - iwlwifi: Add missing check for alloc_ordered_workqueue
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.
7.8
CVE-2025-38596 - drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_object_put(). In general the object should be fully constructed before calling drm_gem_handle_create()β¦
5.5
CVE-2025-38588 - ipv6: prevent infinite loop in rt6_nlmsg_size()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_siblings, fib6_siblingsβ¦
5.5
CVE-2025-38587 - ipv6: fix possible infinite loop in fib6_info_uses_dev()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() or fib6_add_rt2nodeβ¦
5.5
CVE-2025-38586 - bpf, arm64: Fix fp initialization for exception boundary
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF program, find_used_callee_regs() is not called because for a program acting as exception boundary, β¦
7.8
CVE-2025-38580 - ext4: fix inode use after free in ext4_end_io_rsv_work()
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to avoid adding an io_end that requires no conversion to the i_rsv_conversion_list, which in turn prevβ¦