CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-39755 – staging: gpib: Fix cb7210 pcmcia Oops
https://notcve.org/view.php?id=CVE-2025-39755
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field. This led to a NULL pointer deref Oops in strcmp called from pcmcia_register_driver. Initialize the pcmcia_driver struct name field. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: gpib: Fix cb7210 pcmcia Oops. La estructura pcmcia_driver seguía usando únicamente la inicialización ante... • https://git.kernel.org/stable/c/e9dc69956d4d9bf4a81d35995ce9229ff5e4cad5 •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2025-39735 – jfs: fix slab-out-of-bounds read in ea_get()
https://notcve.org/view.php?id=CVE-2025-39735
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t... • https://git.kernel.org/stable/c/6e39b681d1eb16f408493bf5023788b57f68998c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-39728 – clk: samsung: Fix UBSAN panic in samsung_clk_init()
https://notcve.org/view.php?id=CVE-2025-39728
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-39688 – nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
https://notcve.org/view.php?id=CVE-2025-39688
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets bad NFS4ERR_BAD_STATEID instead. When a delegation is revoked, it's initially marked with SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked with the S... • https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-38637 – net_sched: skbprio: Remove overly strict queue assertions
https://notcve.org/view.php?id=CVE-2025-38637
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent ... • https://git.kernel.org/stable/c/aea5f654e6b78a0c976f7a25950155932c77a53f •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38575 – ksmbd: use aead_request_free to match aead_request_alloc
https://notcve.org/view.php?id=CVE-2025-38575
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: usar aead_request_free para coincidir con aead_request_alloc. Usar aead_request_free() en lugar de kfree() para liberar correctamente la memoria a... • https://git.kernel.org/stable/c/e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-38479 – dmaengine: fsl-edma: free irq correctly in remove path
https://notcve.org/view.php?id=CVE-2025-38479
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: free irq correctly in remove path Add fsl_edma->txirq/errirq check to avoid below warning because no errirq at i.MX9 platform. Otherwise there will be kernel dump: WARNING: CPU: 0 PID: 11 at kernel/irq/devres.c:144 devm_free_irq+0x74/0x80 Modules linked in: CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.12.0-rc7#18 Hardware name: NXP i.MX93 11X11 EVK board (DT) Workqueue: events_unbound deferred_probe_work_func ... • https://git.kernel.org/stable/c/44eb827264de4f14d8317692441e13f5e2aadbf2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-38240 – drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
https://notcve.org/view.php?id=CVE-2025-38240
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: - mtk_edp_wait_hpd_asserted - [panel probe] - dp_aux_ep_probe Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_h... • https://git.kernel.org/stable/c/7eacba9a083be65c0f251c19380ec01147c01ebc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-38152 – remoteproc: core: Clear table_sz when rproc_shutdown
https://notcve.org/view.php?id=CVE-2025-38152
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc. When starting rproc with a firmware not have resource table, `memcpy(loaded_table, rproc->cached_table, rproc->table_sz)` will ... • https://git.kernel.org/stable/c/9dc9507f1880fb6225e3e058cb5219b152cbf198 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-38104 – drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
https://notcve.org/view.php?id=CVE-2025-38104
18 Apr 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the register... • https://git.kernel.org/stable/c/e864180ee49b4d30e640fd1e1d852b86411420c9 •