CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37799 – vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
https://notcve.org/view.php?id=CVE-2025-37799
03 May 2025 — In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.... • https://git.kernel.org/stable/c/c4312c4d244aa58e811ff0297e013124d115e793 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-53130 – block: fix wrong mode for blkdev_put() from disk_scan_partitions()
https://notcve.org/view.php?id=CVE-2023-53130
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for blkdev_put() from disk_scan_partitions() If disk_scan_partitions() is called with 'FMODE_EXCL', blkdev_get_by_dev() will be called without 'FMODE_EXCL', however, follow blkdev_put() is still called with 'FMODE_EXCL', which will cause 'bd_holders' counter to leak. Fix the problem by using the right mode for blkdev_put(). In the Linux kernel, the following vulnerability has been resolved: block: fix wrong mode for bl... • https://git.kernel.org/stable/c/428913bce1e67ccb4dae317fd0332545bf8c9233 •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-53129 – ext4: Fix deadlock during directory rename
https://notcve.org/view.php?id=CVE-2023-53129
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: Fix deadlock during directory rename As lockdep properly warns, we should not be locking i_rwsem while having transactions started as the proper lock ordering used by all directory handling operations is i_rwsem -> transaction start. Fix the lock ordering by moving the locking of the directory earlier in ext4_rename(). In the Linux kernel, the following vulnerability has been resolved: ext4: Fix deadlock during directory rename As loc... • https://git.kernel.org/stable/c/3c92792da8506a295afb6d032b4476e46f979725 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-53122 – RISC-V: fix taking the text_mutex twice during sifive errata patching
https://notcve.org/view.php?id=CVE-2023-53122
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: RISC-V: fix taking the text_mutex twice during sifive errata patching Chris pointed out that some bonehead, *cough* me *cough*, added two mutex_locks() to the SiFive errata patching. The second was meant to have been a mutex_unlock(). This results in errors such as Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 Oops [#1] Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.2.0-rc1-starlight-0007... • https://git.kernel.org/stable/c/bf89b7ee52af5a5944fa3539e86089f72475055b •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-53104 – net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
https://notcve.org/view.php?id=CVE-2023-53104
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Packet length check needs to be located after size and align_count calculation to prevent kernel panic in skb_pull() in case rx_cmd_a & RX_CMD_A_RED evaluates to true. In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Packet length check needs to be located after ... • https://git.kernel.org/stable/c/43ffe6caccc7a1bb9d7442fbab521efbf6c1378c •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37798 – codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
https://notcve.org/view.php?id=CVE-2025-37798
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the c... • https://git.kernel.org/stable/c/76e3cc126bb223013a6b9a0e2a51238d1ef2e409 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37797 – net_sched: hfsc: Fix a UAF vulnerability in class handling
https://notcve.org/view.php?id=CVE-2025-37797
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qd... • https://git.kernel.org/stable/c/21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49897 – fscrypt: fix keyring memory leak on mount failure
https://notcve.org/view.php?id=CVE-2022-49897
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix keyring memory leak on mount failure Commit d7e7b9af104c ("fscrypt: stop using keyrings subsystem for fscrypt_master_key") moved the keyring destruction from __put_super() to generic_shutdown_super() so that the filesystem's block device(s) are still available. Unfortunately, this causes a memory leak in the case where a mount is attempted with the test_dummy_encryption mount option, but the mount fails after the option has alr... • https://git.kernel.org/stable/c/ccd30a476f8e864732de220bd50e6f372f5ebcab •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49856 – net: tun: call napi_schedule_prep() to ensure we own a napi
https://notcve.org/view.php?id=CVE-2022-49856
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: call napi_schedule_prep() to ensure we own a napi A recent patch exposed another issue in napi_get_frags() caught by syzbot [1] Before feeding packets to GRO, and calling napi_complete() we must first grab NAPI_STATE_SCHED. [1] WARNING: CPU: 0 PID: 3612 at net/core/dev.c:6076 napi_complete_done+0x45b/0x880 net/core/dev.c:6076 Modules linked in: CPU: 0 PID: 3612 Comm: syz-executor408 Not tainted 6.1.0-rc3-syzkaller-00175-g1118b2049... • https://git.kernel.org/stable/c/07d120aa33cc9d9115753d159f64d20c94458781 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •