Security

CVE ID : CVE-2025-38544

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix bug due to prealloc collision

When userspace is using AF_RXRPC to provide a server, it has to preallocate
incoming calls and assign to them call IDs that will be used to thread
related recvmsg() and sendmsg() together. The preallocated call IDs will
automatically be attached to calls as they come in until the pool is empty.

To the kernel, the call IDs are just arbitrary numbers, but userspace can
use the call ID to hold a pointer to prepared structs. In any case, the
user isn’t permitted to create two calls with the same call ID (call IDs
become available again when the call ends) and EBADSLT should result from
sendmsg() if an attempt is made to preallocate a call with an in-use call
ID.

However, the cleanup in the error handling will trigger both assertions in
rxrpc_cleanup_call() because the call isn’t marked complete and isn’t
marked as having been released.

Fix this by setting the call state in rxrpc_service_prealloc_one() and then
marking it as being released before calling the cleanup function.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38543

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

drm/tegra: nvdec: Fix dma_alloc_coherent error check

Check for NULL return value with dma_alloc_coherent, in line with
Robin’s fix for vic.c in ‘drm/tegra: vic: Fix DMA API misuse’.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38545

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info

While transitioning from netdev_alloc_ip_align() to build_skb(), memory
for the “skb_shared_info” member of an “skb” was not allocated. Fix this
by allocating “PAGE_SIZE” as the skb length, accounting for the packet
length, headroom and tailroom, thereby including the required memory space
for skb_shared_info.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38546

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix memory leak of struct clip_vcc.

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to
vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb
to vcc->push() when the socket is close()d, and then clip_push()
frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in
atm_init_atmarp(), resulting in memory leak.

Let’s serialise two ioctl() by lock_sock() and check vcc->push()
in atm_init_atmarp() to prevent memleak.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38547

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps

The AXP717 ADC channel maps is missing a sentinel entry at the end. This
causes a KASAN warning.

Add the missing sentinel entry.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38548

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

hwmon: (corsair-cpro) Validate the size of the received input buffer

Add buffer_recv_size to store the size of the received bytes.
Validate buffer_recv_size in send_usb_cmd().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38542

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net: appletalk: Fix device refcount leak in atrtr_create()

When updating an existing route entry in atrtr_create(), the old device
reference was not being released before assigning the new device,
leading to a device refcount leak. Fix this by calling dev_put() to
release the old device reference before holding the new one.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8105

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38549

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths

When processing mount options, efivarfs allocates efivarfs_fs_info (sfi)
early in fs_context initialization. However, sfi is associated with the
superblock and typically freed when the superblock is destroyed. If the
fs_context is released (final put) before fill_super is called—such as
on error paths or during reconfiguration—the sfi structure would leak,
as ownership never transfers to the superblock.

Implement the .free callback in efivarfs_context_ops to ensure any
allocated sfi is properly freed if the fs_context is torn down before
fill_super, preventing this memory leak.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8143

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsml_smartlists_h’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8142

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the ‘header_layout’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38550

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: Delay put pmc->idev in mld_del_delrec()

pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec()
does, the reference should be put after ip6_mc_clear_src() return.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38551

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix recursived rtnl_lock() during probe()

The deadlock appears in a stack trace like:

virtnet_probe()
rtnl_lock()
virtio_config_changed_work()
netdev_notify_peers()
rtnl_lock()

It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the
virtio-net driver is still probing.

The config_work in probe() will get scheduled until virtnet_open() enables
the config change notification via virtio_config_driver_enable().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38552

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

mptcp: plug races between subflow fail and subflow creation

We have races similar to the one addressed by the previous patch between
subflow failing and additional subflow creation. They are just harder to
trigger.

The solution is similar. Use a separate flag to track the condition
‘socket state prevent any additional subflow creation’ protected by the
fallback lock.

The socket fallback makes such flag true, and also receiving or sending
an MP_FAIL option.

The field ‘allow_infinite_fallback’ is now always touched under the
relevant lock, we can drop the ONCE annotation on write.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8878

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-32246

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call rcu_barrier() in ksmbd_server_exit()

racy issue is triggered the bug by racing between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to trigger unintended execution of kernel
code locally and use to defeat protections such as Kernel Lockdown

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3867

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds read in smb2_sess_setup

ksmbd does not consider the case of that smb2 session setup is
in compound request. If this is the second payload of the compound,
OOB read issue occurs while processing the first payload in
the smb2_sess_setup().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3865

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out-of-bound read in smb2_write

ksmbd_smb2_check_message doesn’t validate hdr->NextCommand. If
->NextCommand is bigger than Offset + Length of smb2 write, It will
allow oversized smb2 write length. It will cause OOB read in smb2_write.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3866

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate session id and tree id in the compound request

This patch validate session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypass
session and tree validation. So work->sess and work->tcon could be NULL.
If secound request in the compound access work->sess or tcon, It cause
NULL pointer dereferecing error.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4130

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()

There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request
from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of
current smb2_ea_info. ksmbd need to validate buffer length Before
accessing the next ea. ksmbd should check buffer length using buf_len,
not next variable. next is the start offset of current ea that got from
previous ea.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…