CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37820 – xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
https://notcve.org/view.php?id=CVE-2025-37820
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may lead to a NULL pointer dereference if the result is used later in processing, potentially causing crashes, data corruption, or undefined behavior. On XDP redirect f... • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37819 – irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
https://notcve.org/view.php?id=CVE-2025-37819
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400... • https://git.kernel.org/stable/c/0644b3daca28dcb320373ae20069c269c9386304 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37817 – mcb: fix a double free bug in chameleon_parse_gdd()
https://notcve.org/view.php?id=CVE-2025-37817
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_de... • https://git.kernel.org/stable/c/3764e82e5150d87b205c10cd78a9c9ab86fbfa51 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37812 – usb: cdns3: Fix deadlock when using NCM gadget
https://notcve.org/view.php?id=CVE-2025-37812
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link. The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by ... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37810 – usb: dwc3: gadget: check that event count does not exceed event buffer length
https://notcve.org/view.php?id=CVE-2025-37810
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0... • https://git.kernel.org/stable/c/72246da40f3719af3bfd104a2365b32537c27d83 •
CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37808 – crypto: null - Use spin lock instead of mutex
https://notcve.org/view.php?id=CVE-2025-37808
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm. In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks instead of mutexes to protect the default null algorithm... • https://git.kernel.org/stable/c/f7a5a5c8e1ec16a4b2041398abe95de0e14572ef •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37807 – bpf: Fix kmemleak warning for percpu hashmap
https://notcve.org/view.php?id=CVE-2025-37807
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size 32): backtrace (crc 0): pcpu_alloc_noprof+0x730/0xeb0 bpf_map_alloc_percpu+0x69/0xc0 prealloc_init+0x9d/0x1b0 htab_map_alloc+0x363/0x510 map_create+0x215/0x3a0 __sys_bpf+0x16b/0x3e0 __x64_sys_bpf+0x18/0x20 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Further investigation shows the re... • https://git.kernel.org/stable/c/7758e308aeda1038aba1944f7302d34161b3effe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37806 – fs/ntfs3: Keep write operations atomic
https://notcve.org/view.php?id=CVE-2025-37806
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. [1] Before the write operation is completed, the user executes ioctl[2] to clear the compress flag of the file, which causes the is_compressed() judgment to return 0, further causing the program to enter the wrong process and call the wrong ops ntfs_aops_cmpr, which triggers the null pointer dereference of write_begin. Use inode l... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37805 – sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
https://notcve.org/view.php?id=CVE-2025-37805
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... [ 8.713282][ T221] Call trace: [ 8.713365][ T221] __flush_work+0x8d0/0x914 [ 8.713468][ T221] __cancel_work_sync+0xac/0xfc [ 8.713570][ T221] cancel_work_sync+0x24/0x34 [ 8.713667][ T221] virtsnd_remove+0xa8/0xf8 [virtio_snd ab15f34d0dd772f6d11327e08a81d... • https://git.kernel.org/stable/c/29b96bf50ba958eb5f097cdc3fbd4c1acf9547a2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37803 – udmabuf: fix a buf size overflow issue during udmabuf creation
https://notcve.org/view.php?id=CVE-2025-37803
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •