CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37992 – net_sched: Flush gso_skb list too during ->change()
https://notcve.org/view.php?id=CVE-2025-37992
26 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen. This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed... • https://git.kernel.org/stable/c/76e3cc126bb223013a6b9a0e2a51238d1ef2e409 •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37991 – parisc: Fix double SIGFPE crash
https://notcve.org/view.php?id=CVE-2025-37991
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-pr... • https://git.kernel.org/stable/c/ec4584495868bd465fe60a3f771915c0e7ce7951 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37990 – wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
https://notcve.org/view.php?id=CVE-2025-37990
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl... • https://git.kernel.org/stable/c/71bb244ba2fd5390eefe4ee9054abdb3f8b05922 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37989 – net: phy: leds: fix memory leak
https://notcve.org/view.php?id=CVE-2025-37989
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unreg... • https://git.kernel.org/stable/c/2e0bc452f4721520502575362a9cd3c1248d2337 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37984 – crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
https://notcve.org/view.php?id=CVE-2025-37984
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro... • https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37983 – qibfs: fix _another_ leak
https://notcve.org/view.php?id=CVE-2025-37983
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, t... • https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37982 – wifi: wl1251: fix memory leak in wl1251_tx_work
https://notcve.org/view.php?id=CVE-2025-37982
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_q... • https://git.kernel.org/stable/c/c5483b71936333ba9474f57d0f3a7a7abf9b87a0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37980 – block: fix resource leak in blk_register_queue() error path
https://notcve.org/view.php?id=CVE-2025-37980
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak. In the Linux kernel, the following vulnerability has been resolved: block: fix resource ... • https://git.kernel.org/stable/c/320ae51feed5c2f13664aa05a76bec198967e04d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37970 – iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
https://notcve.org/view.php?id=CVE-2025-37970
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the devi... • https://git.kernel.org/stable/c/290a6ce11d938be52634b3ce1bbc6b78be4d23c1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37968 – iio: light: opt3001: fix deadlock due to concurrent flag access
https://notcve.org/view.php?id=CVE-2025-37968
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the flag is designed to prevent it, there are subtle cases where the flag could be true at the mutex_lock stage and false at the mutex_unlock stage. This results in the mutex not being unlocked, resulting in a deadlock. Fix it by making th... • https://git.kernel.org/stable/c/94a9b7b1809f56cfaa080e70ec49b6979563a237 •