CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37888 – net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
https://notcve.org/view.php?id=CVE-2025-37888
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL pointer dereference. • https://git.kernel.org/stable/c/137f3d50ad2a0f2e1ebe5181d6b32a5541786b99 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37887 – pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
https://notcve.org/view.php?id=CVE-2025-37887
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink command. • https://git.kernel.org/stable/c/45d76f492938cdc27ddadc16e1e75103f4cfbf56 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37886 – pds_core: make wait_context part of q_info
https://notcve.org/view.php?id=CVE-2025-37886
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait loop has given up. • https://git.kernel.org/stable/c/01ba61b55b2041a39c54aefb3153c770dd59a0ef •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-37885 – KVM: x86: Reset IRTE to host control if *new* route isn't postable
https://notcve.org/view.php?id=CVE-2025-37885
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. • https://git.kernel.org/stable/c/efc644048ecde54f016011fe10110addd0de348f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-37884 – bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
https://notcve.org/view.php?id=CVE-2025-37884
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. • https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37883 – s390/sclp: Add check for get_zeroed_page()
https://notcve.org/view.php?id=CVE-2025-37883
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. • https://git.kernel.org/stable/c/e1e00dc45648125ef7cb87ebc3b581ac224e7b39 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37882 – usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
https://notcve.org/view.php?id=CVE-2025-37882
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. • https://git.kernel.org/stable/c/16a7a8e6c47fea5c847beb696c8c21a7a44c1915 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37881 – usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
https://notcve.org/view.php?id=CVE-2025-37881
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). • https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37880 – um: work around sched_yield not yielding in time-travel mode
https://notcve.org/view.php?id=CVE-2025-37880
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. • https://git.kernel.org/stable/c/da780c4a075ba2deb05ae29f0af4a990578c7901 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-37879 – 9p/net: fix improper handling of bogus negative read/write replies
https://notcve.org/view.php?id=CVE-2025-37879
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. • https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b •