The CVE-2025-32990 vulnerability is a heap-buffer-overflow flaw in the GnuTLS software that occurs when the certtool utility reads certain settings from a template file, allowing an attacker to write a NULL pointer out-of-bounds and cause memory corruption, potentially crashing the system.
This vulnerability is a problem because it can be exploited by an attacker to cause a denial-of-service (DoS) that crashes the system, resulting in downtime and potential data loss, which can have significant consequences for individuals and organizations relying on the affected system.
The CVE-2024-7650 vulnerability allows an attacker to inject code into the OpenText Directory Services system, enabling remote code execution and potentially access to the system through script injection.
This vulnerability is a problem because it could give unauthorized users control over the system, allowing them to execute malicious code, access sensitive data, or disrupt the system's functionality, which could lead to security breaches and data compromises.
This vulnerability allows an attacker to inject malicious content into GitLab, potentially enabling them to perform actions on behalf of other users under certain conditions.
This vulnerability is a problem because it could allow attackers to impersonate users, gain unauthorized access to sensitive information, and perform malicious actions, which could lead to security breaches and data compromises.
This vulnerability allows authenticated maintainers in GitLab EE to bypass restrictions on inviting users to groups by sending specially crafted API requests, potentially granting unauthorized access to sensitive information or projects.
This vulnerability is a problem because it undermines access controls and could lead to unauthorized users gaining access to confidential data, projects, or systems, potentially resulting in data breaches, intellectual property theft, or other malicious activities.
The CVE-2025-5023 vulnerability allows an attacker to access and manipulate a Mitsubishi Electric Corporation photovoltaic system monitor, specifically the "EcoGuideTAB" PV-DR004J and PV-DR004JA models, by using hardcoded user credentials, potentially leading to information disclosure, data tampering, or a Denial-of-Service (DoS) condition.
This vulnerability is a problem because it enables unauthorized access to sensitive information, such as energy generation and usage data, and allows attackers to disrupt the system's functionality, which can lead to financial losses and compromised system reliability.
The Mitsubishi Electric Corporation photovoltaic system monitor "EcoGuideTAB" has a Weak Password Requirements vulnerability that allows an attacker within Wi-Fi range of the link between the measurement unit and the display unit to guess the password from the device's SSID.
This vulnerability is a problem because it allows unauthorized access to the photovoltaic system monitor, potentially compromising the security and integrity of the system, especially since the affected products are still present in some environments despite being discontinued in 2015.
This vulnerability allows authenticated users with invitation privileges in GitLab EE to bypass restrictions on inviting users to groups, by exploiting a flaw in the group invitation functionality.
This vulnerability is a problem because it enables users to invite others to groups without proper authorization, potentially leading to unauthorized access to sensitive information and compromising the security of the GitLab environment.
This vulnerability allows authenticated project owners in GitLab EE to bypass restrictions on forking projects at the group level by manipulating API requests, potentially giving them unauthorized access to sensitive project information.
This vulnerability is a problem because it undermines access controls and could lead to unauthorized duplication and distribution of sensitive project data, potentially compromising intellectual property, confidential information, or security.
The CVE-2025-38348 vulnerability is a buffer-overflow issue in the Linux kernel's p54 wifi driver, where a malicious USB device can pretend to be an Intersil p54 wifi interface and send an eeprom_readback message with a large length value, causing the driver to copy data beyond the end of the intended buffer.
This vulnerability is a problem because it can lead to a crash or panic due to a buffer overrun, potentially allowing an attacker to disrupt the system or execute arbitrary code. Although the vulnerability requires a specific firmware to be uploaded, which is not present on most distributions by default, it can still be exploited by a determined attacker.
CVE-2025-38347 is a vulnerability in the Linux kernel's f2fs file system that occurs when the inode number (ino) and extended attribute node ID (xnid) are the same, causing a deadlock during the creation of a new node (mknod) in a corrupted directory.
This vulnerability is a problem because it can lead to a system hang or freeze, causing the task to become unresponsive and potentially leading to a denial-of-service (DoS) condition, as the system becomes unable to perform other tasks due to the deadlock.
The CVE-2025-38346 vulnerability is a use-after-free (UAF) bug in the Linux kernel's ftrace module. It occurs when a module triggers ftrace to disable and then is removed, leaving behind a reference to the module's memory, which can be accessed later through kallsyms, causing a crash or potentially allowing an attacker to execute arbitrary code.
This vulnerability is a problem because it can lead to a denial-of-service (DoS) condition, causing the system to crash or become unstable. Additionally, in some cases, it may be possible for an attacker to exploit this vulnerability to execute arbitrary code, potentially leading to a privilege escalation or other malicious activities.
CVE-2025-38345 is a vulnerability in the Linux kernel that causes an ACPI (Advanced Configuration and Power Interface) operand cache leak. This occurs when the kernel terminates an ACPI function due to an error, resulting in a memory leak that can potentially expose sensitive information.
This vulnerability is a problem because it can be exploited by malicious users to gain access to sensitive information, such as memory locations of kernel functions, which can be used to bypass kernel Address Space Layout Randomization (ASLR) security measures. This can lead to a potential security threat, especially in older kernel versions (<= 4.9) where the memory locations are exposed in stack dumps.
CVE-2025-38344 is a vulnerability in the Linux kernel's ACPI (Advanced Configuration and Power Interface) parsing functionality, specifically in the ACPICA (ACPI Component Architecture) component. It causes a memory leak when the ACPI interpreter fails to start, resulting in the "Acpi-Parse" and "Acpi-parse_ext" caches not being properly destroyed.
This vulnerability is a problem because it can lead to a denial-of-service (DoS) condition, where the system runs out of memory, causing it to become unresponsive or crash. Additionally, the memory leak can potentially be exploited by an attacker to gain access to sensitive information or execute malicious code.
This vulnerability in the Linux kernel affects the mt76 wifi driver, specifically the mt7996 module, which improperly applies IEEE 802.11 fragmentation to multicast or broadcast frames even though fragmentation can only be applied to unicast frames.
This vulnerability is a problem because it could potentially be exploited to cause issues with the reliability and security of wireless communications, similar to the previously identified vulnerability CVE-2020-26145, by allowing unauthorized or malicious access to network frames.
The CVE-2025-38342 vulnerability is a flaw in the Linux kernel's software node functionality, specifically in the `software_node_get_reference_args()` function, which can lead to an out-of-bounds (OOB) access when handling malformed property values.
This vulnerability is a problem because it can cause the system to access memory outside the intended boundaries, potentially leading to crashes, data corruption, or even allowing attackers to execute arbitrary code, which can compromise the security and stability of the system.
The CVE-2025-38341 vulnerability is a double free error in the Linux kernel's fbnic driver, which occurs when the system fails to map a firmware message to DMA (Direct Memory Access). This happens because the caller of the affected function retains ownership of the message even when an error occurs.
This vulnerability is a problem because a double free error can lead to memory corruption, potentially allowing an attacker to execute arbitrary code or cause the system to crash. This could compromise the security and stability of the system.
CVE-2025-38340 is a vulnerability in the Linux kernel that allows for an out-of-bounds memory read access in the cs_dsp module, specifically in the KUnit test. This occurs because the length of a source string is rounded up to the allocation size, causing an incorrect memory access.
This vulnerability is a problem because it can potentially allow attackers to access sensitive information or cause the system to crash, leading to a denial-of-service. Additionally, out-of-bounds memory accesses can sometimes be exploited to execute arbitrary code, although the severity of this specific vulnerability is not specified.
CVE-2025-38339 is a vulnerability in the Linux kernel that affects the calculation of JIT code size for BPF trampolines on powerpc architectures, potentially leading to a mismatch between the allocated buffer size and the actual size needed for JIT compilation.
This vulnerability is a problem because it can cause a buffer overflow warning when the actual JIT compile size exceeds the initially allocated size, potentially leading to instability or security issues in the system.
The CVE-2025-38338 vulnerability is a double-unlock bug in the Linux kernel's NFS (Network File System) implementation, specifically in the `nfs_return_empty_folio()` function. This bug occurs when a file is being read while it's being truncated by another NFS client, causing the kernel to deadlock due to incorrect locking and unlocking of the folio.
This vulnerability is a problem because it can cause the system to freeze or become unresponsive, leading to a denial-of-service (DoS) condition. When the bug is triggered, processes may become stuck indefinitely, waiting for a lock to be released that never will be, resulting in system instability and potential data loss.
CVE-2025-38337 is a vulnerability in the Linux kernel that occurs due to a data-race and null-ptr-deref in the jbd2_journal_dirty_metadata() function, which can cause the kernel to crash or behave unpredictably when handling metadata operations.
This vulnerability is a problem because it can lead to system instability, crashes, or potentially allow an attacker to exploit the vulnerability to gain unauthorized access or control over the system, by taking advantage of the missing data-race annotation for jh->b_modified.
CVE-2025-38336 is a vulnerability in the Linux kernel that affects the ATA controller, specifically the pata_via driver, which can cause a system to hard hang when performing ATAPI DMAs (Direct Memory Access) on certain devices, such as optical media drives.
This vulnerability is a problem because it can cause a system to become unresponsive and unable to boot, resulting in data loss and system downtime. The issue is hardware-related and can occur when using certain devices, making it difficult to predict and prevent.
CVE-2025-38335 is a vulnerability in the Linux kernel that occurs when the PREEMPT_RT feature is enabled, causing a "sleep while atomic" error in the gpio-keys driver. This happens because the gpio_keys_irq_timer() callback function runs in hard interrupt context, but it calls the input_event() function, which takes a spin lock that is not allowed in that context.
This vulnerability is a problem because it can cause the system to crash or become unstable when the gpio-keys driver is used with PREEMPT_RT enabled. The error occurs because the spin lock is converted to a rt_spin_lock(), which is not compatible with the hard interrupt context, leading to a sleeping function being called from an invalid context.
The CVE-2025-38334 vulnerability in the Linux kernel occurs when the kernel attempts to reclaim SGX (Software Guard Extensions) pages that are known to be poisoned, which can cause the kernel to panic and shut down. This happens because the existing SGX code does not properly handle machine checks and will try to reclaim pages that are poisoned, leading to unwanted behavior.
This vulnerability is a problem because it can cause the kernel to panic and shut down, resulting in system instability and potential data loss. Additionally, if a poisoned page is reclaimed and added to another enclave, it can lead to further security issues.
CVE-2025-38333 is a vulnerability in the Linux kernel's f2fs file system that occurs when the `get_new_segment()` function fails to handle inconsistent status between `free_segmap` and `free_secmap`, potentially leading to errors and data corruption.
This vulnerability is a problem because it can cause the file system to become unstable, leading to data loss or corruption, and potentially allowing an attacker to exploit the vulnerability to gain unauthorized access or disrupt system operations.
CVE-2025-38332 is a vulnerability in the Linux kernel that occurs in the lpfc (Emulex LightPulse Fibre Channel) driver, where the use of strlcat() with FORTIFY support incorrectly triggers a panic due to a perceived buffer overflow, even though the correct buffer size is provided. The issue is resolved by replacing the problematic code with memcpy() to ensure the buffer is properly NULL-terminated.
This vulnerability is a problem because it can cause the system to panic unnecessarily, potentially leading to system crashes or instability. Although the severity is listed as N/A, any unexpected system behavior can be disruptive and may have unintended consequences.
The CVE-2025-38331 vulnerability is related to the Linux kernel's handling of TCP frames in the Cortina Ethernet driver. Without a specific quirk, the driver becomes unstable and crashes when the TOE (TCP offload engine) feature is not fully utilized, causing the hardware to lock up.
This vulnerability is a problem because it can lead to hardware instability and crashes, resulting in system downtime and potential data loss. The issue is caused by the driver's inability to properly handle non-segmented TCP frames, which can occur when the TOE feature is not fully active.
CVE-2025-38330 is a vulnerability in the Linux kernel that causes an out-of-bounds memory read access in the cs_dsp KUnit test, specifically in the ctl cache. This occurs when the code incorrectly overrides the length value used for register allocations, leading to test code failures.
This vulnerability is a problem because it can potentially cause the system to crash or produce unexpected behavior, which can lead to system instability and security risks. The out-of-bounds memory access can also potentially expose sensitive information or allow unauthorized access to system resources.
The CVE-2025-38329 vulnerability is an out-of-bounds memory read access issue in the Linux kernel, specifically in the cs_dsp firmware component. This occurs when the source string length is rounded up to the allocation size, causing the program to access memory outside the designated boundaries.
This vulnerability is a problem because it can lead to unauthorized access to sensitive data, potentially causing data leaks or corruption. It can also lead to system crashes or instability, as the program may attempt to read or write to memory locations that are not intended for use.
The CVE-2025-38328 vulnerability is an invalid pointer dereference issue in the Linux kernel's jffs2 file system. It occurs when the `jffs2_prealloc_raw_node_refs()` function fails to allocate node references, but the subsequent code assumes that the allocation was successful, leading to a null pointer dereference.
This vulnerability is a problem because it can cause the Linux kernel to crash or become unstable, potentially leading to a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to disrupt the operation of a Linux-based system, especially those that rely on the jffs2 file system.
The CVE-2025-38327 vulnerability is a flaw in the Linux kernel's function graph tracer. When the `funcgraph-args` option is set without the function graph tracer being enabled, it incorrectly enables the tracer and unregisters itself even if it was never registered. This can cause the tracer to register multiple times, leading to warnings and potential system instability.
This vulnerability is a problem because it can cause system instability and warnings when the function graph tracer is enabled. The incorrect registration and unregistration of the tracer can lead to unpredictable behavior, potentially causing issues with system performance and reliability.
The CVE-2025-38326 vulnerability is a bug in the Linux kernel that occurs when an aoe (ATA over Ethernet) device is shut down, causing its request queue to not be properly cleaned up, leading to a hang.
This vulnerability is a problem because it can cause the system to freeze indefinitely, waiting for pending block requests to complete, resulting in a denial-of-service condition where the system becomes unresponsive.
CVE-2025-38325 is a vulnerability in the Linux kernel that occurs when the `free_transport` function for TCP connections is called from `smbdirect`, leading to a kernel crash.
This vulnerability is a problem because it can cause the Linux kernel to crash, resulting in a denial-of-service (DoS) condition, which can lead to system instability and potential data loss.
CVE-2025-38324 is a vulnerability in the Linux kernel that occurs when the `mpls_route_input_rcu()` function is called from `mpls_getroute()`, which can lead to suspicious RCU (Read-Copy Update) usage and potentially cause system instability or crashes.
This vulnerability is a problem because it can cause the system to become unstable or crash, leading to downtime and potential data loss. The suspicious RCU usage can also lead to security issues if exploited by an attacker.
CVE-2025-38323 is a vulnerability in the Linux kernel that occurs when the `lecd_attach` function in the `net/atm/lec.c` file fails to properly clean up resources, resulting in a dangling pointer in the `dev_lec` array. This happens because the function does not properly protect access to the `dev_lec` array, allowing multiple threads to access and modify it simultaneously.
This vulnerability is a problem because it can cause a use-after-free error, where the kernel attempts to access memory that has already been freed. This can lead to unpredictable behavior, including crashes, data corruption, and potentially even code execution. An attacker could exploit this vulnerability to gain elevated privileges or disrupt the operation of the system.
The CVE-2025-38322 vulnerability is a bug in the Linux kernel that causes a crash when the `icl_update_topdown_event()` function is invoked on certain CPUs (E-core CPUs 16-23) that do not support the perf metrics feature. This crash occurs due to a regression introduced by a previous commit, which mistakenly replaced the `is_topdown_count()` call with `is_topdown_event()` to check if the topdown functions should be invoked.
This vulnerability is a problem because it can cause a hard-lockup crash on affected systems, leading to system instability and potential data loss. The crash can occur when the `perf_fuzzer` tool is used, and it may also be triggered by other scenarios that invoke the `icl_update_topdown_event()` function on unsupported CPUs.
The CVE-2025-38321 vulnerability occurs in the Linux kernel when the system is under low-memory conditions, causing an error in the SMB (Server Message Block) protocol. Specifically, the `close_all_cached_dirs` function fails to properly close and release directory entries, resulting in a "Dentry still in use" error.
This vulnerability is a problem because it can lead to system instability, errors, and potential crashes when the system is under heavy load or low-memory conditions. The error can also cause issues with file sharing and access over the network, making it difficult for users to access shared resources.
CVE-2025-38320 is a vulnerability in the Linux kernel that causes a stack-out-of-bounds read in the `regs_get_kernel_stack_nth()` function, which is used for debugging and tracing purposes. This occurs when the kernel attempts to access a memory address on the stack that is outside the allowed boundaries.
This vulnerability is a problem because it can potentially allow an attacker to access sensitive information or cause the system to crash. Although the vulnerability is related to a false positive report by the KASAN (Kernel Address Sanitizer) tool, it still indicates a flaw in the kernel's memory access controls. If exploited, this vulnerability could lead to information disclosure or denial-of-service attacks.
The CVE-2025-38319 vulnerability is a NULL pointer dereference issue in the Linux kernel, specifically in the drm/amd/pp module. It occurs when the functions atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() fail to check the return value of smu_atom_get_data_table(), which can return NULL if it fails to retrieve vram_info, and this NULL value is later dereferenced.
This vulnerability is a problem because it can cause the system to crash or become unstable when the NULL pointer is dereferenced, potentially leading to a denial-of-service (DoS) condition. This can be particularly problematic in systems that rely on the Linux kernel for critical operations.
CVE-2025-38318 is a vulnerability in the Linux kernel that occurs because the arm_ni_probe() function is missing a call to platform_set_drvdata(), which is necessary to set the driver data for the platform. As a result, when the platform_get_drvdata() function is called during removal, it returns NULL.
This vulnerability is a problem because it can cause issues when trying to remove the platform driver, potentially leading to crashes, errors, or unstable system behavior, due to the inability to retrieve the necessary driver data.
This vulnerability is a buffer overflow in the Linux kernel's ath12k wifi driver, specifically in the debugfs feature, which occurs when a user attempts to write more than 32 bytes of data, resulting in memory corruption.
This vulnerability is a problem because it can lead to memory corruption, which can cause system instability or potentially allow an attacker with root access to execute arbitrary code, compromising the security of the system.
CVE-2025-38316 is a vulnerability in the Linux kernel that occurs in the mt7996 wifi driver, where a function called mt7996_set_monitor() attempts to access a NULL pointer before checking if it is valid, potentially causing a crash.
This vulnerability is a problem because it can lead to a denial-of-service (DoS) condition, where the system becomes unresponsive or crashes, potentially allowing an attacker to disrupt the normal functioning of the system.
This vulnerability in the Linux kernel allows for a stack buffer overflow to occur when the EFI variable size exceeds the expected size of a specific Bluetooth structure, due to improper size checking.
This vulnerability is a problem because it can potentially allow attackers to execute arbitrary code or cause a system crash by manipulating the size of the EFI variable, leading to a denial-of-service or possibly even code execution with elevated privileges.
The CVE-2025-38314 vulnerability is a flaw in the Linux kernel's virtio-pci component, where the result size returned for admin command completion is 8 bytes larger than the actual result data size, causing the transfer of extra data and potential buffer size mismatch.
This vulnerability is a problem because it can lead to the inclusion of extra data in the state transferred to the destination and cause failures when reading beyond the allocated buffer size, potentially resulting in system crashes or data corruption.
The CVE-2025-38313 vulnerability is a double-free error in the Linux kernel, specifically in the fsl-mc bus component, where the mc_dev variable is freed twice, potentially causing system instability or crashes.
This vulnerability is a problem because it can lead to unexpected system behavior, crashes, or potentially allow an attacker to execute arbitrary code, compromising the security and reliability of the system.
The CVE-2025-38312 vulnerability is a division by zero error in the Linux kernel's fbdev core, specifically in the fb_cvt_hperiod() function, which occurs when a certain condition causes the refresh rate to become zero, leading to a kernel crash.
This vulnerability is a problem because it can cause the Linux kernel to crash, resulting in a denial of service, when a specific mode is set and the refresh rate overflows, leading to a division by zero error.
The Linux kernel vulnerability, identified as CVE-2025-38311, involves the removal of a critical lock (crit lock) in the iavf driver to prevent deadlocks and improve synchronization. The crit lock was previously used to protect certain operations, but its removal is intended to simplify the locking mechanism and reduce the risk of errors.
The presence of the crit lock led to potential deadlocks and circular locking dependencies, which could cause system crashes or freezes. The removal of this lock addresses these issues and improves the overall stability and security of the Linux kernel.
The CVE-2025-38310 vulnerability is a flaw in the Linux kernel's validation of nexthop addresses in the seg6 module, which can cause the kernel to read uninitialized memory if a user-provided length is shorter than the specified length.
This vulnerability is a problem because it can lead to the kernel accessing and processing unknown or garbage data, potentially causing system instability, crashes, or allowing attackers to exploit the vulnerability for malicious purposes.
CVE-2025-38309 is a vulnerability in the Linux kernel that occurs when the svm state is not properly initialized before calling the xe_svm_fini() function during virtual machine creation, leading to system crashes and errors.
This vulnerability is a problem because it can cause the system to crash or become unstable, resulting in potential data loss or disruption of service, especially in environments that rely heavily on virtual machines.
The CVE-2025-38308 vulnerability is a null pointer dereference issue in the Linux kernel's ASoC (Audio System on Chip) Intel avs (Audio Video Service) module, which occurs when initializing hardware without properly verifying the search result of a function called avs_dai_find_path_template().
This vulnerability is a problem because it can potentially cause the system to crash or become unstable when the null pointer is dereferenced, leading to a denial-of-service (DoS) condition, which can disrupt the normal functioning of the system and impact user experience.
The CVE-2025-38307 vulnerability is found in the Linux kernel, specifically in the ASoC Intel avs module, where the function parse_int_array() does not properly verify the content it returns. This returned array has its length stored in the first element, and if this length is 0, any attempt to access or manipulate elements beyond the first one can lead to a null pointer dereference.
This vulnerability is a problem because it can potentially lead to a crash or instability in the system, or even allow an attacker to execute arbitrary code, thereby compromising the security and integrity of the system.
This vulnerability is a race condition in the Linux kernel, specifically in the file handle code, where a function called `has_locked_children()` is accessed without proper locking, potentially leading to a system crash.
This vulnerability is a problem because it can cause the system to crash or become unstable, leading to downtime and potential data loss, due to the lack of proper synchronization when accessing certain kernel functions.
The CVE-2025-38305 vulnerability is a recursive locking issue in the Linux kernel's PTP (Precision Time Protocol) implementation, specifically in the `ptp_vclock_in_use()` function. This function is used to check if a virtual clock is in use, but it contains a redundant check that can lead to a deadlock when trying to acquire a lock that is already held.
This vulnerability is a problem because it can cause a system deadlock, leading to a denial-of-service (DoS) condition. When a recursive lock is detected, the system may become unresponsive or crash, resulting in downtime and potential data loss.
The CVE-2025-38304 vulnerability is a NULL pointer dereference issue in the Linux kernel's Bluetooth functionality, specifically in the eir_get_service_data function, which can occur when the len parameter is optional and set to NULL, preventing the function from correctly skipping to the next entry of EIR_SERVICE_DATA.
This vulnerability is a problem because a NULL pointer dereference can cause the system to crash or potentially allow an attacker to execute arbitrary code, leading to a denial-of-service or potentially even gaining control of the system.
The CVE-2025-38303 vulnerability is a flaw in the Linux kernel's Bluetooth functionality, specifically in the eir_create_adv_data function, which can cause the system to crash when creating advertisement data for Bluetooth devices if it attempts to add certain flags without checking for available space.
This vulnerability is a problem because it can lead to system crashes, potentially causing disruptions to critical services, data loss, or other unintended consequences, especially in environments where Bluetooth connectivity is heavily relied upon.
This vulnerability in the Linux kernel occurs when the system attempts to write data to a disk using a specific function called blk_zone_wplug_bio_work, which incorrectly uses a function called submit_bio_noacct_nocheck, causing unnecessary duplicate work and potential deadlocks.
This vulnerability is a problem because it can lead to system crashes or freezes when the queue is frozen with pending write operations, resulting in data loss or corruption and disrupting system availability.
CVE-2025-38301 is a vulnerability in the Linux kernel's nvmem driver, specifically in the zynqmp_nvmem component, which causes a null pointer exception when the device is accessed due to a mismatch in the expected context parameter.
This vulnerability is a problem because it can lead to system crashes or instability when the nvmem driver is used, potentially causing data loss or disruption to critical services, and it may also be exploited by attackers to gain unauthorized access or control over the system.
CVE-2025-38300 is a vulnerability in the Linux kernel's crypto subsystem, specifically in the sun8i-ce-cipher driver. It occurs when the driver fails to properly handle errors during DMA (Direct Memory Access) operations, leading to attempts to free invalid or unallocated DMA memory addresses.
This vulnerability is a problem because it can cause the device driver to crash or behave unpredictably, potentially leading to system instability, data corruption, or even allowing an attacker to exploit the vulnerability to gain unauthorized access to the system.
CVE-2025-38299 is a vulnerability in the Linux kernel that occurs when the device tree does not assign a codec to certain links (ETDM2_IN_BE and ETDM1_OUT_BE) in the Mediatek mt8195 sound card, causing a NULL pointer dereference and a kernel crash.
This vulnerability is a problem because it can cause the system to crash, leading to a denial of service. If an attacker can manipulate the device tree or exploit this vulnerability, they may be able to disrupt the system's functionality or gain unauthorized access.
The CVE-2025-38298 is a vulnerability in the Linux kernel that causes a general protection fault when the i10nm_edac module is unloaded and reloaded, leading to an out-of-bounds reference in the ADXL component array due to an incorrect count of ADXL components.
This vulnerability is a problem because it can cause system crashes and instability, potentially leading to data loss or corruption, and allowing attackers to disrupt system operation or gain unauthorized access.
The CVE-2025-38297 is a vulnerability in the Linux kernel that can cause a division-by-zero error when calculating energy efficiency costs for non-CPU devices, due to uninitialized performance data.
This vulnerability is a problem because it can lead to system crashes or unstable behavior when the affected code is executed, potentially causing disruptions to critical services or data loss.
The CVE-2025-38296 vulnerability occurs in the Linux kernel when the platform profile driver is loaded on platforms without ACPI (Advanced Configuration and Power Interface) enabled, causing the initialization of sysfs entries to fail due to the absence of the acpi_kobj.
This vulnerability is a problem because it can lead to system warnings and potential instability, as the kernel attempts to create sysfs entries without the necessary ACPI support, resulting in errors and potentially affecting system performance.
The CVE-2025-38295 is a vulnerability in the Linux kernel's Amlogic DDR PMU driver, where the `meson_ddr_pmu_create()` function incorrectly uses `smp_processor_id()` instead of `raw_smp_processor_id()` to retrieve the CPU ID, leading to kernel warnings during module loading.
This vulnerability is a problem because it can cause kernel warnings and potential system instability when the `meson_ddr_pmu_create()` function is called in a preemptible context, which can lead to unpredictable behavior and potentially cause the system to crash or become unresponsive.
The CVE-2025-38294 vulnerability is a NULL access issue in the Linux kernel's ath12k wifi driver, which occurs when the `ath12k_mac_assign_vif_to_vdev()` function fails, causing the radio handle to be accessed incorrectly for debug logging.
This vulnerability is a problem because it can lead to a crash or unexpected behavior in the Linux kernel, potentially causing system instability or allowing an attacker to exploit the vulnerability for malicious purposes, such as gaining unauthorized access or disrupting system operations.
The CVE-2025-38293 is a vulnerability in the Linux kernel that causes a kernel panic when a WLAN recovery occurs during the removal of a virtual interface (VIF) in the ath11k wireless driver. This happens because the list of VIFs is not properly reinitialized during the WLAN halt process, leading to corrupted list nodes.
This vulnerability is a problem because it can cause a denial-of-service (DoS) condition, where the system becomes unresponsive and requires a reboot. This can be particularly problematic in environments where high availability and reliability are crucial. Additionally, the kernel panic can lead to data loss and corruption, making it a significant concern for systems that rely on the affected wireless driver.
The CVE-2025-38292 vulnerability is a use-after-free error in the Linux kernel's ath12k wifi driver, where the code accesses memory after it has been freed, specifically when handling received data packets.
This vulnerability is a problem because it can cause the system to crash or potentially allow an attacker to execute arbitrary code, leading to a loss of system integrity and potentially allowing unauthorized access to sensitive data.
The CVE-2025-38291 vulnerability occurs in the Linux kernel when the wifi driver (ath12k) sends WMI commands to the firmware while it is recovering from a crash, causing the commands to fail and resulting in a kernel call trace.
This vulnerability is a problem because it can lead to system instability and potential crashes when the firmware is in a recovery state, which can cause disruption to wireless network connectivity and overall system performance.
The CVE-2025-38290 vulnerability is a bug in the Linux kernel's wifi driver (ath12k) that causes node corruption in the "arvifs" list when the WLAN recovery code is executed during a vif removal, leading to a kernel panic.
This vulnerability is a problem because it can cause the system to crash (kernel panic) when a WLAN recovery occurs during a specific sequence of events, resulting in a denial-of-service (DoS) condition, which can lead to system instability and potential data loss.
This vulnerability in the Linux kernel allows for a potential use-after-free of an ndlp object in the dev_loss_tmo_callbk function, which can occur during driver unload or fatal error handling.
This vulnerability is a problem because it can cause the system to crash or potentially allow an attacker to execute arbitrary code, leading to a loss of system integrity and potentially compromising sensitive data.
The CVE-2025-38288 vulnerability is a bug in the Linux kernel's smartpqi driver that incorrectly uses the smp_processor_id() function in preemptible kernels, leading to a call trace error and potential system instability.
This vulnerability is a problem because it can cause the system to produce error messages and dump stack traces, potentially leading to system crashes, data corruption, or other unpredictable behavior, especially in environments where the smartpqi driver is heavily used.
This vulnerability occurs in the Linux kernel when the send completion handler runs after the cm_id has moved on to another message, causing an assertion failure and warning when freeing an old message due to a lock not being held as expected.
This vulnerability is a problem because it can lead to system instability or crashes when the affected code is executed, potentially causing disruptions to critical services or data loss.
The CVE-2025-38286 vulnerability is an out-of-boundary access issue in the Linux kernel's pinctrl at91 component, which occurs when the at91_gpio_probe function fails to verify the availability of a given OF alias, potentially leading to incorrect indexing of the gpio_chips array.
This vulnerability is a problem because it can cause the Linux kernel to access memory outside the boundaries of the gpio_chips array, potentially resulting in system crashes, data corruption, or other unpredictable behavior, which can compromise the stability and security of the system.
The CVE-2025-38285 is a vulnerability in the Linux kernel that causes a warning message to be triggered when a specific tracepoint, such as `trace_mmap_lock_acquire_returned`, is called in a nested manner, leading to a potential issue with the `get_bpf_raw_tp_regs` function.
This vulnerability is a problem because it can cause system instability and potentially lead to errors or crashes when certain kernel tracing functions are used. The warning message triggered by this vulnerability can also cause confusion and make it difficult to diagnose other issues.
The CVE-2025-38284 is a vulnerability in the Linux kernel that occurs when the wifi driver rtw89 attempts to configure manual DAC mode via the PCI config API without properly setting up the PCI device mmap, leading to a page fault and kernel crash.
This vulnerability is a problem because it can cause a denial-of-service (DoS) condition, where the system becomes unresponsive or crashes, potentially leading to data loss or disruption of critical services. Additionally, the vulnerability may be exploited by attackers to gain unauthorized access to the system or execute malicious code.
The CVE-2025-38283 vulnerability occurs in the Linux kernel when attempting to perform live migration of a virtual machine (VM) without a loaded VF device driver, causing the migration to access a null address value due to missing device data.
This vulnerability is a problem because it leads to access errors during the live migration recovery operation on the destination side, potentially disrupting or failing the migration process of VMs without the necessary VF device drivers installed.
The CVE-2025-38282 is a vulnerability in the Linux kernel that causes a false positive warning in the kernfs_should_drain_open_files() function, which can lead to unnecessary panic_on_warn triggers. This occurs due to an overly sensitive check that catches rightful callers between specific kernel functions, resulting in a transient warning.
This vulnerability is a problem because it can cause unnecessary system crashes or warnings, leading to downtime and potential data loss. The false positives can also obscure real security issues, making it more difficult to identify and address actual vulnerabilities.
This CVE refers to a vulnerability in the Linux kernel where a function called `mt7996_thermal_init` does not properly check for a NULL pointer return value from `devm_kasprintf`, potentially leading to a kernel NULL pointer dereference error.
This vulnerability is a problem because it can cause the Linux kernel to crash or become unstable when the `mt7996_thermal_init` function is called, potentially leading to system downtime or data loss.
This vulnerability occurs in the Linux kernel when a BPF (Berkeley Packet Filter) program is created and the JIT (Just-In-Time) compilation fails due to fault injection, causing the program to be treated as valid even though it's not, and triggering a warning when the program is run.
This vulnerability is a problem because it can lead to unexpected behavior and potential crashes when BPF programs are executed, as the kernel incorrectly assumes the program is valid. This can compromise the stability and security of the system.
The CVE-2025-38279 is a vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) verifier. It occurs when the verifier backtracking bookkeeping includes the stack pointer register, causing a warning and potential instability. This issue is triggered by a specific BPF program that uses conditional jumps and register operations.
This vulnerability is a problem because it can lead to a verifier backtracking bug, causing the kernel to produce a warning and potentially resulting in system instability or crashes. This bug can be exploited by an attacker to cause a denial-of-service (DoS) or potentially execute arbitrary code.
The CVE-2025-38278 vulnerability is related to a flaw in the Linux kernel's handling of Quality of Service (QOS) for the octeontx2-pf driver, specifically in the TC_HTB_LEAF_DEL_LAST callback. This vulnerability occurs when the system fails to properly stop active traffic on a leaf node before reassigning its send queue to the parent, and when the interface receives callbacks to delete its HTB queues during a system reboot.
This vulnerability is a problem because it can cause the system to attempt to update the real number of queues after device unregistration, leading to warnings and potential system instability. This can result in errors such as "New queues can't be registered after device unregistration" and may cause issues with network device management.
The CVE-2025-38277 vulnerability is a bug in the Linux kernel that occurs when a variable named "ret" is not properly initialized before being used, leading to undefined behavior and potentially causing the system to crash or produce unpredictable results.
This vulnerability is a problem because it can cause the kernel to behave erratically, leading to system crashes or instability, which can result in data loss, downtime, and other security issues, especially in cases where the system's geometry is misconfigured or the ECC engine is misused.
The CVE-2025-38276 is a vulnerability in the Linux kernel that affects the File System DAX (Direct Access) feature. It causes the kernel to skip locked entries when scanning entries, leading to potential data corruption or other issues. This happens because of a flaw in the wait_entry_unlocked_exclusive() function, which waits for an entry to become unlocked without properly updating the XArray iterator state.
This vulnerability is a problem because it can lead to unexpected behavior, data corruption, or system crashes when using File System DAX on Linux systems. The issue can be triggered when running certain tests or workloads, such as the xftest generic/068 test on an XFS filesystem with FS DAX enabled. This can result in warnings, errors, or system instability, potentially causing disruptions to critical systems or applications.
The CVE-2025-38275 vulnerability is a bug in the Linux kernel's qcom-qmp-usb phy driver, where the qmp_usb_iomap() function fails to properly handle NULL returns from devm_ioremap(), potentially leading to invalid memory dereferences.
This vulnerability is a problem because it can cause the system to crash or behave unpredictably when the qmp_usb_iomap() function attempts to access invalid memory locations, potentially allowing attackers to exploit this weakness and gain unauthorized access or control.
The CVE-2025-38274 is a vulnerability in the Linux kernel that occurs when the function `fpga_mgr_test_img_load_sgt()` allocates memory and fails to check if the allocation was successful, potentially leading to a null pointer dereference.
This vulnerability is a problem because if the memory allocation fails, the subsequent attempt to use the allocated memory will result in a null pointer dereference, which can cause the system to crash or become unstable, potentially allowing an attacker to exploit this vulnerability to disrupt system operation.
The CVE-2025-38273 is a vulnerability in the Linux kernel that occurs when the TIPC (Transparent Inter-Process Communication) discovery timer fires during network namespace cleanup, causing a refcount warning due to a use-after-free error when attempting to hold a reference to the network namespace.
This vulnerability is a problem because it can lead to a use-after-free error, which can cause the system to crash or potentially allow an attacker to execute arbitrary code, compromising the system's security and stability.
This vulnerability in the Linux kernel occurs when the system attempts to enable Energy Efficient Ethernet (EEE) on BCM63xx internal switches, which do not support EEE, causing the system to hang when trying to access non-existent EEE registers.
This vulnerability is a problem because it can cause system crashes and downtime when external PHYs that are EEE capable are connected to the BCM63xx internal switches, leading to potential data loss and disruption of critical services.
The CVE-2025-38271 is a vulnerability in the Linux kernel that causes a NULL dereference in the `rtnl_create_link()` function, which can lead to a system crash or potentially allow an attacker to execute arbitrary code. This occurs when the `dev->netdev_ops` is NULL at the time `rtnl_create_link()` is running, and the `netdev_lock_ops()` function is called, resulting in a NULL pointer dereference.
This vulnerability is a problem because it can cause system instability, crashes, or potentially allow an attacker to gain control of the system. If an attacker can exploit this vulnerability, they may be able to execute arbitrary code, leading to a range of malicious activities, including data theft, privilege escalation, or lateral movement within a network.
The CVE-2025-38270 is a vulnerability in the Linux kernel that occurs when the netdevsim driver, which supports netpoll, incorrectly calls the napi_complete() function from a netpoll context, potentially leading to warnings and instability.
This vulnerability is a problem because it can cause system warnings and potentially lead to crashes or freezes, especially when the netpoll feature is used. The premature removal of the SCHED bit by netpoll can result in unexpected behavior, making the system unstable and unreliable.
The CVE-2025-38269 vulnerability is a bug in the Linux kernel's btrfs file system that occurs when the system fails to properly handle an error during a state insertion operation, potentially leading to an invalid memory access.
This vulnerability is a problem because it can cause the system to crash or behave unpredictably, especially in exotic scenarios where the CONFIG_BUG feature is disabled, allowing the error to propagate and result in a memory access violation.
The CVE-2025-38268 is a vulnerability in the Linux kernel that occurs when the DisplayPort Alt Mode driver and the TCPM (Type-C Port Manager) are accessing a shared resource, causing a potential deadlock. This happens because a state check in the `tcpm_queue_vdm_unlocked` function is not protected, allowing the Alt Mode driver to attempt to grab a lock while the TCPM is holding it, leading to a deadlock.
This vulnerability is a problem because it can cause the system to freeze or become unresponsive, leading to a denial-of-service (DoS) condition. This can be particularly problematic in systems that rely on the Linux kernel and the Type-C Port Manager, such as laptops, tablets, and other mobile devices.
The CVE-2025-38267 is a vulnerability in the Linux kernel's ring-buffer that triggers a WARN_ON_ONCE() warning when a reader page is swapped out with the last page written in the write buffer, causing missed events to be reported. This occurs when an interrupt preempts an event being written to the buffer and adds enough new events to fill and wrap the buffer back to the commit.
This vulnerability is a problem because it can lead to missed events and warnings being triggered, potentially causing issues with system stability and reliability. The warning can also lead to a significant amount of debug information being logged, which can be overwhelming and make it difficult to diagnose the root cause of the issue.
The CVE-2025-38266 is a vulnerability in the Linux kernel that causes an invalid pointer dereference when the `mtk_eint_do_init()` function is called on v1 platforms, leading to a crash early in the boot process.
This vulnerability is a problem because it can cause systems to crash or become unstable, potentially leading to data loss or disruption of critical services, especially on affected platforms such as the Genio 350 EVK (MT8365).
The CVE-2025-38265 is a vulnerability in the Linux kernel that occurs when the `jsm_uart_port_init` function is called without setting a device, causing a NULL pointer dereference and leading to a kernel crash.
This vulnerability is a problem because it can cause the system to become unstable and crash, potentially leading to data loss, system downtime, and other issues, especially in environments where the affected serial device is critical to system operation.
This vulnerability allows a malicious user to create a certificate with a malformed extension that can expose sensitive data when GnuTLS verifies certificates, potentially leading to the disclosure of confidential information.
This vulnerability is a problem because it can be used to expose sensitive information from certain websites, compromising the confidentiality and security of the data being protected by the certificates.
The CVE-2025-32988 vulnerability is a double-free flaw in GnuTLS that occurs when handling Subject Alternative Name (SAN) entries with invalid or malformed type-id OIDs, leading to potential memory corruption or denial of service.
This vulnerability is a problem because it can cause the program to crash or allow an attacker to manipulate the memory, potentially leading to unauthorized access or data breaches, and it can be triggered using only public GnuTLS APIs.
The Lana Downloads Manager plugin for WordPress has a vulnerability that allows attackers with administrator-level permissions to inject malicious scripts into pages, which will execute when a user visits the infected page, due to poor input sanitization and output escaping.
This vulnerability is a problem because it enables authenticated attackers to inject arbitrary web scripts, potentially leading to unauthorized access, data theft, or other malicious activities, affecting users who access the compromised pages.
The Hostel WordPress plugin has a vulnerability that allows high-privilege users, such as admins, to inject malicious code into the website's settings, even when certain security restrictions are in place.
This vulnerability is a problem because it enables Stored Cross-Site Scripting (XSS) attacks, which can lead to unauthorized access, data theft, and other malicious activities on the affected website, potentially compromising user data and website integrity.
The Hostel WordPress plugin has a vulnerability that allows an attacker to inject malicious code into a webpage, which can then be executed by high-privilege users such as administrators, due to a lack of proper sanitization and escaping of a parameter.
This vulnerability is a problem because it can be used to trick administrators into performing unintended actions, potentially leading to unauthorized access, data theft, or other malicious activities, by exploiting the trust associated with the administrator's role.
The vulnerability in Dradis before version 4.11.0 allows the Output Console to display a job queue that may contain sensitive information about other users' jobs, potentially exposing their activities or data.
This vulnerability is a problem because it can lead to unauthorized access to sensitive information, potentially compromising user privacy and confidentiality. An attacker could exploit this to gain insights into other users' work, which could be particularly harmful in environments where data privacy is crucial.
No specific vulnerability or exploit is described, as the reason for rejection is listed as "Not used".
This CVE does not present a known security risk, as it lacks a detailed description of a vulnerability.
No information is available for this CVE as the original description was rejected and marked as "Not used".
The severity of this vulnerability is not provided, making it difficult to assess its potential impact.