5.5
CVE-2025-38450 - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Add a NULL check for msta->vif before accessing its members to prevent a kernel panic in AP mode deployment. This also fix the issue reported β¦
5.5
CVE-2025-38430 - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedβ¦
5.5
CVE-2025-38417 - ice: fix eswitch code memory leak in reset scenario
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if presenβ¦
5.5
CVE-2025-38399 - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passing the dest_se_deve β¦
5.5
CVE-2025-38392 - idpf: convert control queue mutex to a spinlock
In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.cβ¦
5.5
CVE-2025-38387 - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we may get a poisonous pointer. This fixes the crash below: mβ¦
5.5
CVE-2025-38384 - mtd: spinand: fix memory leak of ECC engine conf
In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff80064f00e0 (size 8)β¦
5.5
CVE-2025-38372 - RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling __xa_store() and __xa_erase() were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xa_storeβ¦
5.5
CVE-2025-38463 - tcp: Correct signedness in skb remaining space calculation
In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel will attempt to appeβ¦
8.8
CVE-2025-46198 -
Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element