Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0721
Vulnerability from certfr_avis - Published: 2025-08-22 - Updated: 2025-08-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2025-38043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38043"
},
{
"name": "CVE-2025-21783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21783"
},
{
"name": "CVE-2025-21786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21786"
},
{
"name": "CVE-2025-38002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38002"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2025-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21823"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2025-37965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37965"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2024-49950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49950"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-37961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37961"
},
{
"name": "CVE-2025-38061",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38061"
},
{
"name": "CVE-2025-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21839"
},
{
"name": "CVE-2025-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38023"
},
{
"name": "CVE-2025-21779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21779"
},
{
"name": "CVE-2025-38004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38004"
},
{
"name": "CVE-2025-38016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38016"
},
{
"name": "CVE-2025-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21712"
},
{
"name": "CVE-2025-21746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21746"
},
{
"name": "CVE-2025-38066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38066"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21781"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2025-38068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38068"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2025-37971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37971"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-38056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38056"
},
{
"name": "CVE-2025-38027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38027"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2025-37993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37993"
},
{
"name": "CVE-2025-37955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37955"
},
{
"name": "CVE-2025-38015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38015"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-38065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38065"
},
{
"name": "CVE-2025-38031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38031"
},
{
"name": "CVE-2025-37950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37950"
},
{
"name": "CVE-2025-21767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21767"
},
{
"name": "CVE-2025-38008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38008"
},
{
"name": "CVE-2025-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38011"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2025-38025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38025"
},
{
"name": "CVE-2025-38034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38034"
},
{
"name": "CVE-2025-38095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38095"
},
{
"name": "CVE-2025-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21838"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-38024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38024"
},
{
"name": "CVE-2024-57834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57834"
},
{
"name": "CVE-2025-38078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38078"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2024-52559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52559"
},
{
"name": "CVE-2025-38077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38077"
},
{
"name": "CVE-2025-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38005"
},
{
"name": "CVE-2025-21795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21795"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2025-21780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21780"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2025-21776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21776"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-38014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38014"
},
{
"name": "CVE-2025-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38003"
},
{
"name": "CVE-2025-38007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38007"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-37964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37964"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2024-58086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58086"
},
{
"name": "CVE-2025-37999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37999"
},
{
"name": "CVE-2025-38018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38018"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2025-37952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37952"
},
{
"name": "CVE-2025-38012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38012"
},
{
"name": "CVE-2025-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38019"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2025-38037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38037"
},
{
"name": "CVE-2025-37962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37962"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2025-37972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37972"
},
{
"name": "CVE-2025-38010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38010"
},
{
"name": "CVE-2024-57977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57977"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-38013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38013"
},
{
"name": "CVE-2025-37956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37956"
},
{
"name": "CVE-2025-38094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38094"
},
{
"name": "CVE-2025-38072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38072"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-38075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38075"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2025-37957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
},
{
"name": "CVE-2025-38058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38058"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2025-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38083"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2025-37951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
},
{
"name": "CVE-2025-37947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37947"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-37992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37992"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21784"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2025-37973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37973"
},
{
"name": "CVE-2025-37996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37996"
},
{
"name": "CVE-2025-21775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21775"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2025-37968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
},
{
"name": "CVE-2025-38006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38006"
},
{
"name": "CVE-2025-38048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38048"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2025-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38009"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2024-54456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54456"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2025-37994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37994"
},
{
"name": "CVE-2025-21773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21773"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-37995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37995"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-38035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38035"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2024-50073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50073"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-37960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37960"
},
{
"name": "CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"name": "CVE-2025-37954",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
},
{
"name": "CVE-2025-38044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38044"
},
{
"name": "CVE-2025-37959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
},
{
"name": "CVE-2025-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21793"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2023-52757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2023-52975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52975"
},
{
"name": "CVE-2025-37966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37966"
},
{
"name": "CVE-2025-38028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38028"
},
{
"name": "CVE-2025-21790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21790"
},
{
"name": "CVE-2025-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38020"
},
{
"name": "CVE-2025-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21835"
},
{
"name": "CVE-2025-38021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38021"
}
],
"initial_release_date": "2025-08-22T00:00:00",
"last_revision_date": "2025-08-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0721",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-1",
"url": "https://ubuntu.com/security/notices/USN-7704-1"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-1",
"url": "https://ubuntu.com/security/notices/USN-7703-1"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-4",
"url": "https://ubuntu.com/security/notices/USN-7704-4"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-3",
"url": "https://ubuntu.com/security/notices/USN-7704-3"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-3",
"url": "https://ubuntu.com/security/notices/USN-7701-3"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7682-6",
"url": "https://ubuntu.com/security/notices/USN-7682-6"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-2",
"url": "https://ubuntu.com/security/notices/USN-7703-2"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7703-3",
"url": "https://ubuntu.com/security/notices/USN-7703-3"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-1",
"url": "https://ubuntu.com/security/notices/USN-7701-1"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7704-2",
"url": "https://ubuntu.com/security/notices/USN-7704-2"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7699-2",
"url": "https://ubuntu.com/security/notices/USN-7699-2"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7701-2",
"url": "https://ubuntu.com/security/notices/USN-7701-2"
}
]
}
CVE-2025-38024 (GCVE-0-2025-38024)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xcf/0x610 mm/kasan/report.c:489
kasan_report+0xb5/0xe0 mm/kasan/report.c:602
rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195
rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132
__rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232
rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109
create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052
ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095
ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679
vfs_write fs/read_write.c:677 [inline]
vfs_write+0x26a/0xcc0 fs/read_write.c:659
ksys_write+0x1b8/0x200 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
In the function rxe_create_cq, when rxe_cq_from_init fails, the function
rxe_cleanup will be called to handle the allocated resources. In fact,
some memory resources have already been freed in the function
rxe_cq_from_init. Thus, this problem will occur.
The solution is to let rxe_cleanup do all the work.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8700e3e7c4857d28ebaa824509934556da0b3e76 , < 7c7c80c32e00665234e373ab03fe82f5c5c2c230
(git)
Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < 3a3b73e135e3bd18423d0baa72571319c7feb759 (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < f8f470e3a757425a8f98fb9a5991e3cf62fc7134 (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < 52daccfc3fa68ee1902d52124921453d7a335591 (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < ee4c5a2a38596d548566560c0c022ab797e6f71a (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < 336edd6b0f5b7fbffc3e065285610624f59e88df (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < 16c45ced0b3839d3eee72a86bb172bef6cf58980 (git) Affected: 8700e3e7c4857d28ebaa824509934556da0b3e76 , < f81b33582f9339d2dc17c69b92040d3650bb4bae (git) |
|
| Linux | Linux |
Affected:
4.8
Unaffected: 0 , < 4.8 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.184 , ≤ 5.15.* (semver) Unaffected: 6.1.140 , ≤ 6.1.* (semver) Unaffected: 6.6.92 , ≤ 6.6.* (semver) Unaffected: 6.12.30 , ≤ 6.12.* (semver) Unaffected: 6.14.8 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:23.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:58.182479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:18.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rxe/rxe_cq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7c7c80c32e00665234e373ab03fe82f5c5c2c230",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "3a3b73e135e3bd18423d0baa72571319c7feb759",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "f8f470e3a757425a8f98fb9a5991e3cf62fc7134",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "52daccfc3fa68ee1902d52124921453d7a335591",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "ee4c5a2a38596d548566560c0c022ab797e6f71a",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "336edd6b0f5b7fbffc3e065285610624f59e88df",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "16c45ced0b3839d3eee72a86bb172bef6cf58980",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
},
{
"lessThan": "f81b33582f9339d2dc17c69b92040d3650bb4bae",
"status": "affected",
"version": "8700e3e7c4857d28ebaa824509934556da0b3e76",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/sw/rxe/rxe_cq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.184",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.184",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.140",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.92",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.30",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.8",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\n\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcf/0x610 mm/kasan/report.c:489\n kasan_report+0xb5/0xe0 mm/kasan/report.c:602\n rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195\n rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132\n __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232\n rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109\n create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052\n ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095\n ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679\n vfs_write fs/read_write.c:677 [inline]\n vfs_write+0x26a/0xcc0 fs/read_write.c:659\n ksys_write+0x1b8/0x200 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn the function rxe_create_cq, when rxe_cq_from_init fails, the function\nrxe_cleanup will be called to handle the allocated resources. In fact,\nsome memory resources have already been freed in the function\nrxe_cq_from_init. Thus, this problem will occur.\n\nThe solution is to let rxe_cleanup do all the work."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:19:50.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7c7c80c32e00665234e373ab03fe82f5c5c2c230"
},
{
"url": "https://git.kernel.org/stable/c/3a3b73e135e3bd18423d0baa72571319c7feb759"
},
{
"url": "https://git.kernel.org/stable/c/f8f470e3a757425a8f98fb9a5991e3cf62fc7134"
},
{
"url": "https://git.kernel.org/stable/c/52daccfc3fa68ee1902d52124921453d7a335591"
},
{
"url": "https://git.kernel.org/stable/c/ee4c5a2a38596d548566560c0c022ab797e6f71a"
},
{
"url": "https://git.kernel.org/stable/c/336edd6b0f5b7fbffc3e065285610624f59e88df"
},
{
"url": "https://git.kernel.org/stable/c/16c45ced0b3839d3eee72a86bb172bef6cf58980"
},
{
"url": "https://git.kernel.org/stable/c/f81b33582f9339d2dc17c69b92040d3650bb4bae"
}
],
"title": "RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38024",
"datePublished": "2025-06-18T09:28:30.669Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-06-11T18:44:18.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38025 (GCVE-0-2025-38025)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2026-05-11 21:19
VLAI
EPSS
Title
iio: adc: ad7606: check for NULL before calling sw_mode_config()
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7606: check for NULL before calling sw_mode_config()
Check that the sw_mode_config function pointer is not NULL before
calling it. Not all buses define this callback, which resulted in a NULL
pointer dereference.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e571c1902116a376c96e59639820662d7d6a13da , < c28ad63aa55eaadad2b1793b90bfbe7296cc03ba
(git)
Affected: e571c1902116a376c96e59639820662d7d6a13da , < 5257d80e22bf27009d6742e4c174f42cfe54e425 (git) |
|
| Linux | Linux |
Affected:
6.13
Unaffected: 0 , < 6.13 (semver) Unaffected: 6.14.8 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7606.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c28ad63aa55eaadad2b1793b90bfbe7296cc03ba",
"status": "affected",
"version": "e571c1902116a376c96e59639820662d7d6a13da",
"versionType": "git"
},
{
"lessThan": "5257d80e22bf27009d6742e4c174f42cfe54e425",
"status": "affected",
"version": "e571c1902116a376c96e59639820662d7d6a13da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/adc/ad7606.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.13"
},
{
"lessThan": "6.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.8",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7606: check for NULL before calling sw_mode_config()\n\nCheck that the sw_mode_config function pointer is not NULL before\ncalling it. Not all buses define this callback, which resulted in a NULL\npointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:19:51.667Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c28ad63aa55eaadad2b1793b90bfbe7296cc03ba"
},
{
"url": "https://git.kernel.org/stable/c/5257d80e22bf27009d6742e4c174f42cfe54e425"
}
],
"title": "iio: adc: ad7606: check for NULL before calling sw_mode_config()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38025",
"datePublished": "2025-06-18T09:28:31.302Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:19:51.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38027 (GCVE-0-2025-38027)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2026-05-11 21:19
VLAI
EPSS
Title
regulator: max20086: fix invalid memory access
Summary
In the Linux kernel, the following vulnerability has been resolved:
regulator: max20086: fix invalid memory access
max20086_parse_regulators_dt() calls of_regulator_match() using an
array of struct of_regulator_match allocated on the stack for the
matches argument.
of_regulator_match() calls devm_of_regulator_put_matches(), which calls
devres_alloc() to allocate a struct devm_of_regulator_matches which will
be de-allocated using devm_of_regulator_put_matches().
struct devm_of_regulator_matches is populated with the stack allocated
matches array.
If the device fails to probe, devm_of_regulator_put_matches() will be
called and will try to call of_node_put() on that stack pointer,
generating the following dmesg entries:
max20086 6-0028: Failed to read DEVICE_ID reg: -121
kobject: '\xc0$\xa5\x03' (000000002cebcb7a): is not initialized, yet
kobject_put() is being called.
Followed by a stack trace matching the call flow described above.
Switch to allocating the matches array using devm_kcalloc() to
avoid accessing the stack pointer long after it's out of scope.
This also has the advantage of allowing multiple max20086 to probe
without overriding the data stored inside the global of_regulator_match.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bfff546aae50ae68ed395bf0e0848188d27b0ba3 , < 6ba30f7aa2c550b2ac04f16b81a19a8c045b8660
(git)
Affected: bfff546aae50ae68ed395bf0e0848188d27b0ba3 , < 7bddac8603d4e396872c2fbf4403ec08e7b1d7c8 (git) Affected: bfff546aae50ae68ed395bf0e0848188d27b0ba3 , < d2a9a92bb4cc7568cff68241b0051dc7268bdc68 (git) Affected: bfff546aae50ae68ed395bf0e0848188d27b0ba3 , < 5578ab04bd7732f470fc614bbc0a924900399fb8 (git) Affected: bfff546aae50ae68ed395bf0e0848188d27b0ba3 , < 6b0cd72757c69bc2d45da42b41023e288d02e772 (git) |
|
| Linux | Linux |
Affected:
5.17
Unaffected: 0 , < 5.17 (semver) Unaffected: 6.1.140 , ≤ 6.1.* (semver) Unaffected: 6.6.92 , ≤ 6.6.* (semver) Unaffected: 6.12.30 , ≤ 6.12.* (semver) Unaffected: 6.14.8 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:58:24.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/regulator/max20086-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6ba30f7aa2c550b2ac04f16b81a19a8c045b8660",
"status": "affected",
"version": "bfff546aae50ae68ed395bf0e0848188d27b0ba3",
"versionType": "git"
},
{
"lessThan": "7bddac8603d4e396872c2fbf4403ec08e7b1d7c8",
"status": "affected",
"version": "bfff546aae50ae68ed395bf0e0848188d27b0ba3",
"versionType": "git"
},
{
"lessThan": "d2a9a92bb4cc7568cff68241b0051dc7268bdc68",
"status": "affected",
"version": "bfff546aae50ae68ed395bf0e0848188d27b0ba3",
"versionType": "git"
},
{
"lessThan": "5578ab04bd7732f470fc614bbc0a924900399fb8",
"status": "affected",
"version": "bfff546aae50ae68ed395bf0e0848188d27b0ba3",
"versionType": "git"
},
{
"lessThan": "6b0cd72757c69bc2d45da42b41023e288d02e772",
"status": "affected",
"version": "bfff546aae50ae68ed395bf0e0848188d27b0ba3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/regulator/max20086-regulator.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.92",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.140",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.92",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.30",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.8",
"versionStartIncluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: \u0027\\xc0$\\xa5\\x03\u0027 (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it\u0027s out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:19:52.816Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ba30f7aa2c550b2ac04f16b81a19a8c045b8660"
},
{
"url": "https://git.kernel.org/stable/c/7bddac8603d4e396872c2fbf4403ec08e7b1d7c8"
},
{
"url": "https://git.kernel.org/stable/c/d2a9a92bb4cc7568cff68241b0051dc7268bdc68"
},
{
"url": "https://git.kernel.org/stable/c/5578ab04bd7732f470fc614bbc0a924900399fb8"
},
{
"url": "https://git.kernel.org/stable/c/6b0cd72757c69bc2d45da42b41023e288d02e772"
}
],
"title": "regulator: max20086: fix invalid memory access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38027",
"datePublished": "2025-06-18T09:28:32.546Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:19:52.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38028 (GCVE-0-2025-38028)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:28 – Updated: 2026-05-11 21:19
VLAI
EPSS
Title
NFS/localio: Fix a race in nfs_local_open_fh()
Summary
In the Linux kernel, the following vulnerability has been resolved:
NFS/localio: Fix a race in nfs_local_open_fh()
Once the clp->cl_uuid.lock has been dropped, another CPU could come in
and free the struct nfsd_file that was just added. To prevent that from
happening, take the RCU read lock before dropping the spin lock.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
86e00412254a717ffd5d38dc5ec0ee1cce6281b3 , < 185a2f2ddabdcf999823f61de67f86376883920d
(git)
Affected: 86e00412254a717ffd5d38dc5ec0ee1cce6281b3 , < fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9 (git) |
|
| Linux | Linux |
Affected:
6.14
Unaffected: 0 , < 6.14 (semver) Unaffected: 6.14.8 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/localio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "185a2f2ddabdcf999823f61de67f86376883920d",
"status": "affected",
"version": "86e00412254a717ffd5d38dc5ec0ee1cce6281b3",
"versionType": "git"
},
{
"lessThan": "fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9",
"status": "affected",
"version": "86e00412254a717ffd5d38dc5ec0ee1cce6281b3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/localio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.14"
},
{
"lessThan": "6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.8",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS/localio: Fix a race in nfs_local_open_fh()\n\nOnce the clp-\u003ecl_uuid.lock has been dropped, another CPU could come in\nand free the struct nfsd_file that was just added. To prevent that from\nhappening, take the RCU read lock before dropping the spin lock."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:19:53.958Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/185a2f2ddabdcf999823f61de67f86376883920d"
},
{
"url": "https://git.kernel.org/stable/c/fa7ab64f1e2fdc8f2603aab8e0dd20de89cb10d9"
}
],
"title": "NFS/localio: Fix a race in nfs_local_open_fh()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38028",
"datePublished": "2025-06-18T09:28:33.184Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:19:53.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38031 (GCVE-0-2025-38031)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-23 15:58
VLAI
EPSS
Title
padata: do not leak refcount in reorder_work
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: do not leak refcount in reorder_work
A recent patch that addressed a UAF introduced a reference count leak:
the parallel_data refcount is incremented unconditionally, regardless
of the return value of queue_work(). If the work item is already queued,
the incremented refcount is never decremented.
Fix this by checking the return value of queue_work() and decrementing
the refcount when necessary.
Resolves:
Unreferenced object 0xffff9d9f421e3d80 (size 192):
comm "cryptomgr_probe", pid 157, jiffies 4294694003
hex dump (first 32 bytes):
80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............
d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.
backtrace (crc 838fb36):
__kmalloc_cache_noprof+0x284/0x320
padata_alloc_pd+0x20/0x1e0
padata_alloc_shell+0x3b/0xa0
0xffffffffc040a54d
cryptomgr_probe+0x43/0xc0
kthread+0xf6/0x1f0
ret_from_fork+0x2f/0x50
ret_from_fork_asm+0x1a/0x30
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f4f1b1169fc3694f9bc3e28c6c68dbbf4cc744c0 , < b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1
(git)
Affected: 4c6209efea2208597dbd3e52dc87a0d1a8f2dbe1 , < 1a426abdf1c86882c9203dd8182f3b8274b89938 (git) Affected: 7000507bb0d2ceb545c0a690e0c707c897d102c2 , < cceb15864e1612ebfbc10ec4e4dcd19a10c0056c (git) Affected: 6f45ef616775b0ce7889b0f6077fc8d681ab30bc , < 584a729615fa92f4de45480efb7e569d14be1516 (git) Affected: 8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac , < 5300e487487d7a2e3e1e6e9d8f03ed9452e4019e (git) Affected: dd7d37ccf6b11f3d95e797ebe4e9e886d0332600 , < 1c65ae4988714716101555fe2b9830e33136d6fb (git) Affected: dd7d37ccf6b11f3d95e797ebe4e9e886d0332600 , < d6ebcde6d4ecf34f8495fb30516645db3aea8993 (git) Affected: a54091c24220a4cd847d5b4f36d678edacddbaf0 (git) Affected: 5.10.235 , < 5.10.238 (semver) Affected: 5.15.179 , < 5.15.185 (semver) Affected: 6.1.129 , < 6.1.141 (semver) Affected: 6.6.76 , < 6.6.93 (semver) Affected: 6.12.13 , < 6.12.31 (semver) Affected: 6.13.2 , < 6.14 (semver) |
|
| Linux | Linux |
Affected:
6.14
Unaffected: 0 , < 6.14 (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:10.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1",
"status": "affected",
"version": "f4f1b1169fc3694f9bc3e28c6c68dbbf4cc744c0",
"versionType": "git"
},
{
"lessThan": "1a426abdf1c86882c9203dd8182f3b8274b89938",
"status": "affected",
"version": "4c6209efea2208597dbd3e52dc87a0d1a8f2dbe1",
"versionType": "git"
},
{
"lessThan": "cceb15864e1612ebfbc10ec4e4dcd19a10c0056c",
"status": "affected",
"version": "7000507bb0d2ceb545c0a690e0c707c897d102c2",
"versionType": "git"
},
{
"lessThan": "584a729615fa92f4de45480efb7e569d14be1516",
"status": "affected",
"version": "6f45ef616775b0ce7889b0f6077fc8d681ab30bc",
"versionType": "git"
},
{
"lessThan": "5300e487487d7a2e3e1e6e9d8f03ed9452e4019e",
"status": "affected",
"version": "8ca38d0ca8c3d30dd18d311f1a7ec5cb56972cac",
"versionType": "git"
},
{
"lessThan": "1c65ae4988714716101555fe2b9830e33136d6fb",
"status": "affected",
"version": "dd7d37ccf6b11f3d95e797ebe4e9e886d0332600",
"versionType": "git"
},
{
"lessThan": "d6ebcde6d4ecf34f8495fb30516645db3aea8993",
"status": "affected",
"version": "dd7d37ccf6b11f3d95e797ebe4e9e886d0332600",
"versionType": "git"
},
{
"status": "affected",
"version": "a54091c24220a4cd847d5b4f36d678edacddbaf0",
"versionType": "git"
},
{
"lessThan": "5.10.238",
"status": "affected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThan": "5.15.185",
"status": "affected",
"version": "5.15.179",
"versionType": "semver"
},
{
"lessThan": "6.1.141",
"status": "affected",
"version": "6.1.129",
"versionType": "semver"
},
{
"lessThan": "6.6.93",
"status": "affected",
"version": "6.6.76",
"versionType": "semver"
},
{
"lessThan": "6.12.31",
"status": "affected",
"version": "6.12.13",
"versionType": "semver"
},
{
"lessThan": "6.14",
"status": "affected",
"version": "6.13.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.14"
},
{
"lessThan": "6.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.10.235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "5.15.179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "6.1.129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "6.6.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "6.12.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.13.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: do not leak refcount in reorder_work\n\nA recent patch that addressed a UAF introduced a reference count leak:\nthe parallel_data refcount is incremented unconditionally, regardless\nof the return value of queue_work(). If the work item is already queued,\nthe incremented refcount is never decremented.\n\nFix this by checking the return value of queue_work() and decrementing\nthe refcount when necessary.\n\nResolves:\n\nUnreferenced object 0xffff9d9f421e3d80 (size 192):\n comm \"cryptomgr_probe\", pid 157, jiffies 4294694003\n hex dump (first 32 bytes):\n 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............\n d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.\n backtrace (crc 838fb36):\n __kmalloc_cache_noprof+0x284/0x320\n padata_alloc_pd+0x20/0x1e0\n padata_alloc_shell+0x3b/0xa0\n 0xffffffffc040a54d\n cryptomgr_probe+0x43/0xc0\n kthread+0xf6/0x1f0\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:58:51.926Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9ad8e50e8589607e68e6c4cefa7f72bf35a2cb1"
},
{
"url": "https://git.kernel.org/stable/c/1a426abdf1c86882c9203dd8182f3b8274b89938"
},
{
"url": "https://git.kernel.org/stable/c/cceb15864e1612ebfbc10ec4e4dcd19a10c0056c"
},
{
"url": "https://git.kernel.org/stable/c/584a729615fa92f4de45480efb7e569d14be1516"
},
{
"url": "https://git.kernel.org/stable/c/5300e487487d7a2e3e1e6e9d8f03ed9452e4019e"
},
{
"url": "https://git.kernel.org/stable/c/1c65ae4988714716101555fe2b9830e33136d6fb"
},
{
"url": "https://git.kernel.org/stable/c/d6ebcde6d4ecf34f8495fb30516645db3aea8993"
}
],
"title": "padata: do not leak refcount in reorder_work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38031",
"datePublished": "2025-06-18T09:33:18.882Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-23T15:58:51.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38034 (GCVE-0-2025-38034)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-11 21:19
VLAI
EPSS
Title
btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
btrfs_prelim_ref() calls the old and new reference variables in the
incorrect order. This causes a NULL pointer dereference because oldref
is passed as NULL to trace_btrfs_prelim_ref_insert().
Note, trace_btrfs_prelim_ref_insert() is being called with newref as
oldref (and oldref as NULL) on purpose in order to print out
the values of newref.
To reproduce:
echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable
Perform some writeback operations.
Backtrace:
BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014
RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130
Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88
RSP: 0018:ffffce44820077a0 EFLAGS: 00010286
RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b
RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000
R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540
FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
prelim_ref_insert+0x1c1/0x270
find_parent_nodes+0x12a6/0x1ee0
? __entry_text_end+0x101f06/0x101f09
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
btrfs_is_data_extent_shared+0x167/0x640
? fiemap_process_hole+0xd0/0x2c0
extent_fiemap+0xa5c/0xbc0
? __entry_text_end+0x101f05/0x101f09
btrfs_fiemap+0x7e/0xd0
do_vfs_ioctl+0x425/0x9d0
__x64_sys_ioctl+0x75/0xc0
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
00142756e1f8015d2f8ce96532d156689db7e448 , < 5755b6731655e248c4f1d52a2e1b18795b4a2a3a
(git)
Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < a641154cedf9d69730f8af5d0a901fe86e6486bd (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < a876703894a6dd6e8c04b0635d86e9f7a7c81b79 (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < 0528bba48dce7820d2da72e1a114e1c4552367eb (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < 7a97f961a568a8f72472dc804af02a0f73152c5f (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < 7f7c8c03feba5f2454792fab3bb8bd45bd6883f9 (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < 137bfa08c6441f324d00692d1e9d22cfd773329b (git) Affected: 00142756e1f8015d2f8ce96532d156689db7e448 , < bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e (git) |
|
| Linux | Linux |
Affected:
4.14
Unaffected: 0 , < 4.14 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:12.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5755b6731655e248c4f1d52a2e1b18795b4a2a3a",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "a641154cedf9d69730f8af5d0a901fe86e6486bd",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "a876703894a6dd6e8c04b0635d86e9f7a7c81b79",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "0528bba48dce7820d2da72e1a114e1c4552367eb",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "7a97f961a568a8f72472dc804af02a0f73152c5f",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "7f7c8c03feba5f2454792fab3bb8bd45bd6883f9",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "137bfa08c6441f324d00692d1e9d22cfd773329b",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
},
{
"lessThan": "bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e",
"status": "affected",
"version": "00142756e1f8015d2f8ce96532d156689db7e448",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/trace/events/btrfs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\n\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\n\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\n\nTo reproduce:\necho 1 \u003e /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\n\nPerform some writeback operations.\n\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\n Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 \u003c49\u003e 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\n RSP: 0018:ffffce44820077a0 EFLAGS: 00010286\n RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\n RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\n RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\n R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\n R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\n FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n prelim_ref_insert+0x1c1/0x270\n find_parent_nodes+0x12a6/0x1ee0\n ? __entry_text_end+0x101f06/0x101f09\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n btrfs_is_data_extent_shared+0x167/0x640\n ? fiemap_process_hole+0xd0/0x2c0\n extent_fiemap+0xa5c/0xbc0\n ? __entry_text_end+0x101f05/0x101f09\n btrfs_fiemap+0x7e/0xd0\n do_vfs_ioctl+0x425/0x9d0\n __x64_sys_ioctl+0x75/0xc0"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:19:59.723Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5755b6731655e248c4f1d52a2e1b18795b4a2a3a"
},
{
"url": "https://git.kernel.org/stable/c/a641154cedf9d69730f8af5d0a901fe86e6486bd"
},
{
"url": "https://git.kernel.org/stable/c/a876703894a6dd6e8c04b0635d86e9f7a7c81b79"
},
{
"url": "https://git.kernel.org/stable/c/0528bba48dce7820d2da72e1a114e1c4552367eb"
},
{
"url": "https://git.kernel.org/stable/c/7a97f961a568a8f72472dc804af02a0f73152c5f"
},
{
"url": "https://git.kernel.org/stable/c/7f7c8c03feba5f2454792fab3bb8bd45bd6883f9"
},
{
"url": "https://git.kernel.org/stable/c/137bfa08c6441f324d00692d1e9d22cfd773329b"
},
{
"url": "https://git.kernel.org/stable/c/bc7e0975093567f51be8e1bdf4aa5900a3cf0b1e"
}
],
"title": "btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38034",
"datePublished": "2025-06-18T09:33:21.120Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:19:59.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38035 (GCVE-0-2025-38035)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-11 21:20
VLAI
EPSS
Title
nvmet-tcp: don't restore null sk_state_change
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: don't restore null sk_state_change
queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if
the TCP connection isn't established when nvmet_tcp_set_queue_sock() is
called then queue->state_change isn't set and sock->sk->sk_state_change
isn't replaced.
As such we don't need to restore sock->sk->sk_state_change if
queue->state_change is NULL.
This avoids NULL pointer dereferences such as this:
[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode
[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page
[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0
[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI
[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)
[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
[ 286.467147][ C0] RIP: 0010:0x0
[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246
[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43
[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100
[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c
[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3
[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268
[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000
[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0
[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400
[ 286.475453][ C0] Call Trace:
[ 286.476102][ C0] <IRQ>
[ 286.476719][ C0] tcp_fin+0x2bb/0x440
[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60
[ 286.478174][ C0] ? __build_skb_around+0x234/0x330
[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0
[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10
[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0
[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90
[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30
[ 286.482769][ C0] ? ktime_get+0x66/0x150
[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0
[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050
[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0
[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0
[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10
[ 286.486917][ C0] ? lock_release+0x217/0x2c0
[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0
[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30
[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0
[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0
[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10
[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]
[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0
[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370
[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420
[ 286.494268][ C0] ip_local_deliver+0x168/0x430
[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10
[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20
[ 286.496806][ C0] ? lock_release+0x217/0x2c0
[ 286.497414][ C0] ip_rcv+0x455/0x6e0
[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10
[
---truncated---
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 6265538446e2426f4bf3b57e91d7680b2047ddd9
(git)
Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 17e58be5b49f58bf17799a504f55c2d05ab2ecdc (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < c240375587ddcc80e1022f52ee32b946bbc3a639 (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 3a982ada411b8c52695f1784c3f4784771f30209 (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < ec462449f4cf616b0aa2ed119f5f44b5fdfcefab (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < a21cb31642ffc84ca4ce55028212a96f72f54d30 (git) Affected: 872d26a391da92ed8f0c0f5cb5fef428067b7f30 , < 46d22b47df2741996af277a2838b95f130436c13 (git) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:14.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6265538446e2426f4bf3b57e91d7680b2047ddd9",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "17e58be5b49f58bf17799a504f55c2d05ab2ecdc",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "c240375587ddcc80e1022f52ee32b946bbc3a639",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "3a982ada411b8c52695f1784c3f4784771f30209",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "ec462449f4cf616b0aa2ed119f5f44b5fdfcefab",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "a21cb31642ffc84ca4ce55028212a96f72f54d30",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
},
{
"lessThan": "46d22b47df2741996af277a2838b95f130436c13",
"status": "affected",
"version": "872d26a391da92ed8f0c0f5cb5fef428067b7f30",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: don\u0027t restore null sk_state_change\n\nqueue-\u003estate_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn\u0027t established when nvmet_tcp_set_queue_sock() is\ncalled then queue-\u003estate_change isn\u0027t set and sock-\u003esk-\u003esk_state_change\nisn\u0027t replaced.\n\nAs such we don\u0027t need to restore sock-\u003esk-\u003esk_state_change if\nqueue-\u003estate_change is NULL.\n\nThis avoids NULL pointer dereferences such as this:\n\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \u003cIRQ\u003e\n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:20:00.970Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6265538446e2426f4bf3b57e91d7680b2047ddd9"
},
{
"url": "https://git.kernel.org/stable/c/17e58be5b49f58bf17799a504f55c2d05ab2ecdc"
},
{
"url": "https://git.kernel.org/stable/c/fc01b547c3f8bfa6e1d23cd5a2c63c736e8c3e4e"
},
{
"url": "https://git.kernel.org/stable/c/c240375587ddcc80e1022f52ee32b946bbc3a639"
},
{
"url": "https://git.kernel.org/stable/c/3a982ada411b8c52695f1784c3f4784771f30209"
},
{
"url": "https://git.kernel.org/stable/c/ec462449f4cf616b0aa2ed119f5f44b5fdfcefab"
},
{
"url": "https://git.kernel.org/stable/c/a21cb31642ffc84ca4ce55028212a96f72f54d30"
},
{
"url": "https://git.kernel.org/stable/c/46d22b47df2741996af277a2838b95f130436c13"
}
],
"title": "nvmet-tcp: don\u0027t restore null sk_state_change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38035",
"datePublished": "2025-06-18T09:33:22.244Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:20:00.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38037 (GCVE-0-2025-38037)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-11 21:20
VLAI
EPSS
Title
vxlan: Annotate FDB data races
Summary
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Annotate FDB data races
The 'used' and 'updated' fields in the FDB entry structure can be
accessed concurrently by multiple threads, leading to reports such as
[1]. Can be reproduced using [2].
Suppress these reports by annotating these accesses using
READ_ONCE() / WRITE_ONCE().
[1]
BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit
write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:
vxlan_xmit+0xb29/0x2380
dev_hard_start_xmit+0x84/0x2f0
__dev_queue_xmit+0x45a/0x1650
packet_xmit+0x100/0x150
packet_sendmsg+0x2114/0x2ac0
__sys_sendto+0x318/0x330
__x64_sys_sendto+0x76/0x90
x64_sys_call+0x14e8/0x1c00
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:
vxlan_xmit+0xadf/0x2380
dev_hard_start_xmit+0x84/0x2f0
__dev_queue_xmit+0x45a/0x1650
packet_xmit+0x100/0x150
packet_sendmsg+0x2114/0x2ac0
__sys_sendto+0x318/0x330
__x64_sys_sendto+0x76/0x90
x64_sys_call+0x14e8/0x1c00
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000000fffbac6e -> 0x00000000fffbac6f
Reported by Kernel Concurrency Sanitizer on:
CPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
[2]
#!/bin/bash
set +H
echo whitelist > /sys/kernel/debug/kcsan
echo !vxlan_xmit > /sys/kernel/debug/kcsan
ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1
bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1
taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &
taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d342894c5d2f8c7df194c793ec4059656e09ca31 , < 02a33b1035a307453a1da6ce0a1bf3676be287d7
(git)
Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < 87d076987a9ba106c83412fcd113656f71af05a1 (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < e033da39fc6abbddab6c29624acef80757f273fa (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < 784b78295a3a58bf052339dd669e6e03710220d3 (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < 13cba3f837903f7184d6e9b6137d5165ffe82a8f (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < a6644aeb8ddf196dec5f8e782293c36f065df4d7 (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < 4eceb7eae6ea7c950384c34e6dbbe872c981935f (git) Affected: d342894c5d2f8c7df194c793ec4059656e09ca31 , < f6205f8215f12a96518ac9469ff76294ae7bd612 (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:16.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/vxlan/vxlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "02a33b1035a307453a1da6ce0a1bf3676be287d7",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "87d076987a9ba106c83412fcd113656f71af05a1",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "e033da39fc6abbddab6c29624acef80757f273fa",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "784b78295a3a58bf052339dd669e6e03710220d3",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "13cba3f837903f7184d6e9b6137d5165ffe82a8f",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "a6644aeb8ddf196dec5f8e782293c36f065df4d7",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "4eceb7eae6ea7c950384c34e6dbbe872c981935f",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
},
{
"lessThan": "f6205f8215f12a96518ac9469ff76294ae7bd612",
"status": "affected",
"version": "d342894c5d2f8c7df194c793ec4059656e09ca31",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/vxlan/vxlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Annotate FDB data races\n\nThe \u0027used\u0027 and \u0027updated\u0027 fields in the FDB entry structure can be\naccessed concurrently by multiple threads, leading to reports such as\n[1]. Can be reproduced using [2].\n\nSuppress these reports by annotating these accesses using\nREAD_ONCE() / WRITE_ONCE().\n\n[1]\nBUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit\n\nwrite to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:\n vxlan_xmit+0xb29/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:\n vxlan_xmit+0xadf/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000fffbac6e -\u003e 0x00000000fffbac6f\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n\n[2]\n #!/bin/bash\n\n set +H\n echo whitelist \u003e /sys/kernel/debug/kcsan\n echo !vxlan_xmit \u003e /sys/kernel/debug/kcsan\n\n ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1\n taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q \u0026\n taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q \u0026"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:20:04.072Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7"
},
{
"url": "https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1"
},
{
"url": "https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa"
},
{
"url": "https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3"
},
{
"url": "https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f"
},
{
"url": "https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7"
},
{
"url": "https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f"
},
{
"url": "https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612"
}
],
"title": "vxlan: Annotate FDB data races",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38037",
"datePublished": "2025-06-18T09:33:23.551Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:20:04.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38043 (GCVE-0-2025-38043)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-11 21:20
VLAI
EPSS
Title
firmware: arm_ffa: Set dma_mask for ffa devices
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Set dma_mask for ffa devices
Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer
lead to following warning:
WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e781858488b918e30a6ff28e9eab6058b787e3b3 , < 97bab02f0b64ba6bcdf6a8fae561db07f509aee9
(git)
Affected: e781858488b918e30a6ff28e9eab6058b787e3b3 , < c6aa1d6bd6ccff4ecdf064d288817657ec8532f0 (git) Affected: e781858488b918e30a6ff28e9eab6058b787e3b3 , < e2de76c34a8a925efe80fccae4810427bc144ed0 (git) Affected: e781858488b918e30a6ff28e9eab6058b787e3b3 , < 3a3efeef64364c2a028cf0d03d68c831813a97fd (git) Affected: e781858488b918e30a6ff28e9eab6058b787e3b3 , < 2e62c803feec1ef5847d8fa47dd0de039abfa378 (git) Affected: e781858488b918e30a6ff28e9eab6058b787e3b3 , < cc0aac7ca17e0ea3ca84b552fc79f3e86fd07f53 (git) |
|
| Linux | Linux |
Affected:
5.14
Unaffected: 0 , < 5.14 (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:18.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_ffa/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "97bab02f0b64ba6bcdf6a8fae561db07f509aee9",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
},
{
"lessThan": "c6aa1d6bd6ccff4ecdf064d288817657ec8532f0",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
},
{
"lessThan": "e2de76c34a8a925efe80fccae4810427bc144ed0",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
},
{
"lessThan": "3a3efeef64364c2a028cf0d03d68c831813a97fd",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
},
{
"lessThan": "2e62c803feec1ef5847d8fa47dd0de039abfa378",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
},
{
"lessThan": "cc0aac7ca17e0ea3ca84b552fc79f3e86fd07f53",
"status": "affected",
"version": "e781858488b918e30a6ff28e9eab6058b787e3b3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/arm_ffa/bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Set dma_mask for ffa devices\n\nSet dma_mask for FFA devices, otherwise DMA allocation using the device pointer\nlead to following warning:\n\nWARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:20:11.132Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/97bab02f0b64ba6bcdf6a8fae561db07f509aee9"
},
{
"url": "https://git.kernel.org/stable/c/c6aa1d6bd6ccff4ecdf064d288817657ec8532f0"
},
{
"url": "https://git.kernel.org/stable/c/e2de76c34a8a925efe80fccae4810427bc144ed0"
},
{
"url": "https://git.kernel.org/stable/c/3a3efeef64364c2a028cf0d03d68c831813a97fd"
},
{
"url": "https://git.kernel.org/stable/c/2e62c803feec1ef5847d8fa47dd0de039abfa378"
},
{
"url": "https://git.kernel.org/stable/c/cc0aac7ca17e0ea3ca84b552fc79f3e86fd07f53"
}
],
"title": "firmware: arm_ffa: Set dma_mask for ffa devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38043",
"datePublished": "2025-06-18T09:33:27.994Z",
"dateReserved": "2025-04-16T04:51:23.978Z",
"dateUpdated": "2026-05-11T21:20:11.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38044 (GCVE-0-2025-38044)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-05-11 21:20
VLAI
EPSS
Title
media: cx231xx: set device_caps for 417
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: cx231xx: set device_caps for 417
The video_device for the MPEG encoder did not set device_caps.
Add this, otherwise the video device can't be registered (you get a
WARN_ON instead).
Not seen before since currently 417 support is disabled, but I found
this while experimenting with it.
Severity
No CVSS data available.
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < 2ad41beb7df3bd63b209842d16765ec59dafe6e4
(git)
Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < 0884dd3abbe80307a2d4cbdbe5e312be164f8adb (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < c91447e35b9bea60bda4408c48e7891d14351021 (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < 9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930 (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < 5c9eca180a4235abd56cc7f7308ca72128d93dce (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < 4731d5328f507ae8fd8a57abbca9119ec7a8d665 (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < e43fd82bb2110bf9d13d800cdc49cceddfd0ede5 (git) Affected: 8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd , < a79efc44b51432490538a55b9753a721f7d3ea42 (git) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:20.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/cx231xx/cx231xx-417.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ad41beb7df3bd63b209842d16765ec59dafe6e4",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "0884dd3abbe80307a2d4cbdbe5e312be164f8adb",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "c91447e35b9bea60bda4408c48e7891d14351021",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "5c9eca180a4235abd56cc7f7308ca72128d93dce",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "4731d5328f507ae8fd8a57abbca9119ec7a8d665",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "e43fd82bb2110bf9d13d800cdc49cceddfd0ede5",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
},
{
"lessThan": "a79efc44b51432490538a55b9753a721f7d3ea42",
"status": "affected",
"version": "8c3854d03bd7b86e8f36e6d9b07b4a6bc20deccd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/cx231xx/cx231xx-417.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx231xx: set device_caps for 417\n\nThe video_device for the MPEG encoder did not set device_caps.\n\nAdd this, otherwise the video device can\u0027t be registered (you get a\nWARN_ON instead).\n\nNot seen before since currently 417 support is disabled, but I found\nthis while experimenting with it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:20:12.294Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ad41beb7df3bd63b209842d16765ec59dafe6e4"
},
{
"url": "https://git.kernel.org/stable/c/0884dd3abbe80307a2d4cbdbe5e312be164f8adb"
},
{
"url": "https://git.kernel.org/stable/c/c91447e35b9bea60bda4408c48e7891d14351021"
},
{
"url": "https://git.kernel.org/stable/c/9d1a5be86dbe074bd8dd6bdd63a99d6bb66d5930"
},
{
"url": "https://git.kernel.org/stable/c/5c9eca180a4235abd56cc7f7308ca72128d93dce"
},
{
"url": "https://git.kernel.org/stable/c/4731d5328f507ae8fd8a57abbca9119ec7a8d665"
},
{
"url": "https://git.kernel.org/stable/c/e43fd82bb2110bf9d13d800cdc49cceddfd0ede5"
},
{
"url": "https://git.kernel.org/stable/c/a79efc44b51432490538a55b9753a721f7d3ea42"
}
],
"title": "media: cx231xx: set device_caps for 417",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38044",
"datePublished": "2025-06-18T09:33:28.669Z",
"dateReserved": "2025-04-16T04:51:23.979Z",
"dateUpdated": "2026-05-11T21:20:12.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…