
CVE-2025-37796 – wifi: at76c50x: fix use after free access in at76_disconnect
https://notcve.org/view.php?id=CVE-2025-37796
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect. The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). ... • https://git.kernel.org/stable/c/29e20aa6c6aff35c81d4da2e2cd516dadb569061

CVE-2025-37794 – wifi: mac80211: Purge vif txq in ieee80211_do_stop()
https://notcve.org/view.php?id=CVE-2025-37794
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Purge vif txq in ieee80211_do_stop(). After ieee80211_do_stop() SKB from vif's txq could still be processed. • https://git.kernel.org/stable/c/ba8c3d6f16a1f9305c23ac1d2fd3992508c5ac03

CVE-2025-37793 – ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
https://notcve.org/view.php?id=CVE-2025-37793
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe(). devm_kasprintf() returns NULL when memory allocation fails. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/739c031110da9ba966b0189fa25a2a1c0d42263c

CVE-2025-37792 – Bluetooth: btrtl: Prevent potential NULL dereference
https://notcve.org/view.php?id=CVE-2025-37792
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference. The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. ... This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR' • https://git.kernel.org/stable/c/26503ad25de8c7c93a2037f919c2e49a62cf65f1

CVE-2025-37791 – ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
https://notcve.org/view.php?id=CVE-2025-37791
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll(). rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. ... __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 • https://git.kernel.org/stable/c/a39c84d796254e6b1662ca0c46dbc313379e9291

CVE-2025-37790 – net: mctp: Set SOCK_RCU_FREE
https://notcve.org/view.php?id=CVE-2025-37790
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE. Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup. • https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74

CVE-2025-37789 – net: openvswitch: fix nested key length validation in the set() action
https://notcve.org/view.php?id=CVE-2025-37789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action. It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. ... • https://git.kernel.org/stable/c/ccb1352e76cff0524e7ccb2074826a092dd13016

CVE-2025-37788 – cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
https://notcve.org/view.php?id=CVE-2025-37788
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path. In the for loop used to allocate the loc_array and bmap for each port, a memory leak is possible when the allocation for loc_array succeeds, but the allocation for bmap fails. • https://git.kernel.org/stable/c/d915c299f1da68a7dbb43895b8741c7b916c9d08

CVE-2025-37787 – net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
https://notcve.org/view.php?id=CVE-2025-37787
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered. Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/ The crash seems to be in devlink_region_destroy(), which is not NULL tolerant but is given a NULL devlink global region pointer. • https://git.kernel.org/stable/c/836021a2d0e0e4c90b895a35bd9c0342071855fb

CVE-2025-37786 – net: dsa: free routing table on probe failure
https://notcve.org/view.php?id=CVE-2025-37786
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: free routing table on probe failure. If complete = true in dsa_tree_setup(), it means that we are the last switch of the tree which is successfully probing, and we should be setting up all switches from our probe path. • https://git.kernel.org/stable/c/c5f51765a1f60b701840544faf3ca63204b8dc3c