CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37887 – pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
https://notcve.org/view.php?id=CVE-2025-37887
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink command. This happens because the stack variable fw_list is not 0 initialized which results in fw_list.num_fw_slots being a garbage value from the stack. Then the driver tries to access fw_list.fw_names[i]... • https://git.kernel.org/stable/c/45d76f492938cdc27ddadc16e1e75103f4cfbf56 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37886 – pds_core: make wait_context part of q_info
https://notcve.org/view.php?id=CVE-2025-37886
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait loop has given up. There was a case where a slow development firmware caused the adminq request to time out, but then later the FW finally finished the request and sent the interrupt. The handler tried to complete_a... • https://git.kernel.org/stable/c/01ba61b55b2041a39c54aefb3153c770dd59a0ef •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2025-37885 – KVM: x86: Reset IRTE to host control if *new* route isn't postable
https://notcve.org/view.php?id=CVE-2025-37885
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst... • https://git.kernel.org/stable/c/efc644048ecde54f016011fe10110addd0de348f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-37884 – bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
https://notcve.org/view.php?id=CVE-2025-37884
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() There are several paths where _free_event() grabs event_mutex and calls sync_rcu_tasks_trace. Above is one such case. CPU B bpf_prog_test_run_syscall() rcu_read_lock_trace() bpf_prog_run_pin_on_cpu() bpf_prog_load() bpf_tracing_func_pr... • https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2025-37883 – s390/sclp: Add check for get_zeroed_page()
https://notcve.org/view.php?id=CVE-2025-37883
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job. • https://git.kernel.org/stable/c/e1e00dc45648125ef7cb87ebc3b581ac224e7b39 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37882 – usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
https://notcve.org/view.php?id=CVE-2025-37882
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position. I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load. If this ever happens after ... • https://git.kernel.org/stable/c/16a7a8e6c47fea5c847beb696c8c21a7a44c1915 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2025-37881 – usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
https://notcve.org/view.php?id=CVE-2025-37881
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool • https://git.kernel.org/stable/c/a777ccfb9ba8d43f745e41b69ba39d4a506a081e •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2025-37880 – um: work around sched_yield not yielding in time-travel mode
https://notcve.org/view.php?id=CVE-2025-37880
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it appears to be a badly implemented userspace spinlock in ASAN. Unfortunately, with time-travel it causes an extreme slowdown or even deadlock depending on the kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS). Work around it by accounting time to the ... • https://git.kernel.org/stable/c/da780c4a075ba2deb05ae29f0af4a990578c7901 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2025-37879 – 9p/net: fix improper handling of bogus negative read/write replies
https://notcve.org/view.php?id=CVE-2025-37879
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bo... • https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2025-37878 – perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
https://notcve.org/view.php?id=CVE-2025-37878
09 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any subsequent error path within inherit_event calls free_event(), satisfying the assumptions of the cleanup code. Details: There's no clear Fixes tag, because this bug is a side-effect of multiple interact... • https://git.kernel.org/stable/c/1fe9b92eede32574dbe05b5bdb6ad666b350bed0 •