CVE-2025-38428
- EPSS 0.18%
- Veröffentlicht 25.07.2025 15:15:27
- Zuletzt bearbeitet 23.12.2025 18:28:26
In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check...
CVE-2025-38429
- EPSS 0.16%
- Veröffentlicht 25.07.2025 15:15:27
- Zuletzt bearbeitet 19.11.2025 18:59:56
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially cau...
CVE-2025-38430
- EPSS 0.17%
- Veröffentlicht 25.07.2025 15:15:27
- Zuletzt bearbeitet 12.05.2026 13:16:49
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined resu...
CVE-2025-38420
- EPSS 0.17%
- Veröffentlicht 25.07.2025 15:15:26
- Zuletzt bearbeitet 23.12.2025 18:42:01
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Si...
CVE-2025-38415
- EPSS 0.18%
- Veröffentlicht 25.07.2025 14:15:33
- Zuletzt bearbeitet 23.12.2025 18:45:31
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounti...
CVE-2025-38416
- EPSS 0.18%
- Veröffentlicht 25.07.2025 14:15:33
- Zuletzt bearbeitet 23.12.2025 18:45:10
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some shor...
CVE-2025-38418
- EPSS 0.16%
- Veröffentlicht 25.07.2025 14:15:33
- Zuletzt bearbeitet 23.12.2025 18:42:58
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Release rproc->clean_table after rproc_attach() fails When rproc->state = RPROC_DETACHED is attached to remote processor through rproc_attach(), if rproc_handle_r...
CVE-2025-38419
- EPSS 0.16%
- Veröffentlicht 25.07.2025 14:15:33
- Zuletzt bearbeitet 23.12.2025 18:42:25
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() When rproc->state = RPROC_DETACHED and rproc_attach() is used to attach to the re...
CVE-2025-38406
- EPSS 0.17%
- Veröffentlicht 25.07.2025 14:15:32
- Zuletzt bearbeitet 23.12.2025 19:45:18
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any v...
CVE-2025-38408
- EPSS 0.16%
- Veröffentlicht 25.07.2025 14:15:32
- Zuletzt bearbeitet 17.03.2026 13:42:15
In the Linux kernel, the following vulnerability has been resolved: genirq/irq_sim: Initialize work context pointers properly Initialize `ops` member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulation work co...