5.5
CVE-2025-38169 - arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may be erroneously clobbered during a context switch immediately after that state is restored. Systems without SME β¦
4.7
CVE-2025-38112 - net: Fix TOCTOU issue in sk_is_readable()
In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_pβ¦
5.5
CVE-2025-38099 - Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up.
7.8
CVE-2025-38133 - iio: adc: ad4851: fix ad4858 chan pointer handling
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 chan pointer handling The pointer returned from ad4851_parse_channels_common() is incremented internally as each channel is populated. In ad4858_parse_channels(), the same pointer was further incremenβ¦
7.1
CVE-2025-38153 - net: usb: aqc111: fix error handling of usbnet read calls
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This problem is quite simβ¦
5.5
CVE-2025-38156 - wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7996_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference. Prevent null poiβ¦
7.8
CVE-2025-38101 - ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Enlarge the critical section in ring_buffer_subbuf_order_set() to ensure that error handling takes place with per-buffer mutex held, thus preventing list corruptioβ¦
7.8
CVE-2025-38146 - net: openvswitch: Fix the dead loop of MPLS parse
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix the dead loop of MPLS parse The unexpected MPLS packet may not end with the bottom label stack. When there are many stacks, The label count value has wrapped around. A dead loop occurs, soft lockup/CPU stuckβ¦
7.0
CVE-2025-38102 - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 aβ¦
5.5
CVE-2025-38124 - net: fix udp gso skb_segment after pull from frag_list
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_β¦