CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37765 – drm/nouveau: prime: fix ttm_bo_delayed_delete oops
https://notcve.org/view.php?id=CVE-2025-37765
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216 Hardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024 Workqueue: ttm ttm_bo_dela... • https://git.kernel.org/stable/c/22b33e8ed0e38b8ddcf082e35580f2e67a3a0262 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37764 – drm/imagination: fix firmware memory leaks
https://notcve.org/view.php?id=CVE-2025-37764
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: fix firmware memory leaks Free the memory used to hold the results of firmware image processing when the module is unloaded. ... :Jf.H. • https://git.kernel.org/stable/c/cc1aeedb98ad347c06ff59e991b2f94dfb4c565d •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37763 – drm/imagination: take paired job reference
https://notcve.org/view.php?id=CVE-2025-37763
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/imagination: take paired job reference For paired jobs, have the fragment job take a reference on the geometry job, so that the geometry job cannot be freed until the fragment job has finished with it. ... Fixes a use after free bug detected by KASAN: [ 124.256386] BUG: KASAN: slab-use-after-free in pvr_queue_prepare_job+0x108/0x868 [powervr] [ 124.264893] Read of size 1 at addr ffff0000084cb960 by task kworker/u16:4/63 In the
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37762 – drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()
https://notcve.org/view.php?id=CVE-2025-37762
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources when error happens. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources when error happens. • https://git.kernel.org/stable/c/4a696a2ee646ea6f24c28b3624175a7b35482c52 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37761 – drm/xe: Fix an out-of-bounds shift when invalidating TLB
https://notcve.org/view.php?id=CVE-2025-37761
01 May 2025 — /include/linux/log2.h:57:13 [ 39.202673] shift exponent 64 is too large for 64-bit type 'long unsigned int' [ 39.202688] CPU: 8 UID: 0 PID: 3129 Comm: xe_exec_system_ Tainted: G U 6.14.0+ #10 [ 39.202690] Tainted: [U]=USER [ 39.202690] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 2001 02/01/2023 [ 39.202691] Call Trace: [ 39.202692]
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37760 – mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
https://notcve.org/view.php?id=CVE-2025-37760
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commit merge or a failure to duplicate anon_vma's, we report this so the caller can handle it. In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition ar... • https://git.kernel.org/stable/c/79636d2981b066acd945117387a9533f56411f6f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37759 – ublk: fix handling recovery & reissue in ublk_abort_queue()
https://notcve.org/view.php?id=CVE-2025-37759
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ublk: fix handling recovery & reissue in ublk_abort_queue() Commit 8284066946e6 ("ublk: grab request reference when the request is handled by userspace") doesn't grab request reference in case of recovery reissue. In the Linux kernel, the following vulnerability has been resolved: ublk: fix handling recovery & reissue in ublk_abort_queue() Commit 8284066946e6 ("ublk: grab request reference when the request is handled by usersp... • https://git.kernel.org/stable/c/8284066946e6d9cc979566ce698fe24e7ca0b31e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37758 – ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
https://notcve.org/view.php?id=CVE-2025-37758
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. ... In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/2dc6c6f15da97cb3e810963c80e981f19d42cd7d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37757 – tipc: fix memory leak in tipc_link_xmit
https://notcve.org/view.php?id=CVE-2025-37757
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is ... • https://git.kernel.org/stable/c/365ad353c2564bba8835290061308ba825166b3a •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37756 – net: tls: explicitly disallow disconnect
https://notcve.org/view.php?id=CVE-2025-37756
01 May 2025 — The immediate problem syzbot run into is the warning in the strp, but that's just the easiest bug to trigger: WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 Call Trace: