CVSS: 6.9EPSS: %CPEs: 6EXPL: 0CVE-2025-37991 – parisc: Fix double SIGFPE crash
https://notcve.org/view.php?id=CVE-2025-37991
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-pr... • https://git.kernel.org/stable/c/ec4584495868bd465fe60a3f771915c0e7ce7951 •
CVSS: 5.0EPSS: %CPEs: 6EXPL: 0CVE-2025-37990 – wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
https://notcve.org/view.php?id=CVE-2025-37990
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl... • https://git.kernel.org/stable/c/71bb244ba2fd5390eefe4ee9054abdb3f8b05922 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2025-37989 – net: phy: leds: fix memory leak
https://notcve.org/view.php?id=CVE-2025-37989
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unreg... • https://git.kernel.org/stable/c/2e0bc452f4721520502575362a9cd3c1248d2337 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37988 – fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
https://notcve.org/view.php?id=CVE-2025-37988
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned by *path and at the time when matching unlock_mount() unlocks that location it is still pinned by the same thing. Unfortunately, for 'beneath' case it's no longer that simple - the object being locked is not the one *path points to. It's the mountpoint of path->mnt. The thing is, without sufficient locking ->m... • https://git.kernel.org/stable/c/6ac392815628f317fcfdca1a39df00b9cc4ebc8b •
CVSS: 10.0EPSS: %CPEs: 3EXPL: 0CVE-2025-37987 – pds_core: Prevent possible adminq overflow/stuck condition
https://notcve.org/view.php?id=CVE-2025-37987
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the client drivers cannot simultaneously post adminq commands. However, the completions happen in a different context, which means multiple adminq commands can be posted sequentially and all waiting on completion. On the FW side, the backin... • https://git.kernel.org/stable/c/45d76f492938cdc27ddadc16e1e75103f4cfbf56 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2025-37985 – USB: wdm: close race between wdm_open and wdm_wwan_port_stop
https://notcve.org/view.php?id=CVE-2025-37985
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between... • https://git.kernel.org/stable/c/cac6fb015f719104e60b1c68c15ca5b734f57b9c •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2025-37984 – crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
https://notcve.org/view.php?id=CVE-2025-37984
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro... • https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2025-37983 – qibfs: fix _another_ leak
https://notcve.org/view.php?id=CVE-2025-37983
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak ... • https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2025-37982 – wifi: wl1251: fix memory leak in wl1251_tx_work
https://notcve.org/view.php?id=CVE-2025-37982
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_q... • https://git.kernel.org/stable/c/c5483b71936333ba9474f57d0f3a7a7abf9b87a0 •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2025-37980 – block: fix resource leak in blk_register_queue() error path
https://notcve.org/view.php?id=CVE-2025-37980
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak. In the Linux kernel, the following vulnerability has been resolved: block: fix resource ... • https://git.kernel.org/stable/c/320ae51feed5c2f13664aa05a76bec198967e04d •