
CVE-2025-37828 – scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
https://notcve.org/view.php?id=CVE-2025-37828
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() A race can occur between the MCQ completion path and the abort handler: once a request completes, __blk_mq_free_request() sets rq->mq_hctx to NULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in ufshcd_mcq_abort() can return a NULL pointer. • https://git.kernel.org/stable/c/f1304d4420777f82a1d844c606db3d9eca841765 •

CVE-2025-37827 – btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
https://notcve.org/view.php?id=CVE-2025-37827
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in __btrfs_add_free_space_zoned() that ultimately happens because of a conversion from the default metadata profile DUP to a RAID1 profile on two disks. ... But in __btrfs_ ---truncated--- • https://git.kernel.org/stable/c/b1934cd6069538db2255dc94ba573771ecf3b560 •

CVE-2025-37826 – scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
https://notcve.org/view.php?id=CVE-2025-37826
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). ... • https://git.kernel.org/stable/c/ab248643d3d68b30f95ee9c238a5a20a06891204 •

CVE-2025-37825 – nvmet: fix out-of-bounds access in nvmet_enable_port
https://notcve.org/view.php?id=CVE-2025-37825
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transports array, causing an out-of-bounds access: [ 106.058694] BUG: KASAN: global-out-of-bounds in nvmet_enable_port+0x42/0x1da [ 106.058719] Read of size 8 at addr ffffffff89dafa58 by task ln/632 [...] [ 106.076026] nvmet: transport type 255 not supporte... • https://git.kernel.org/stable/c/200adac75888182c09027e9b7852507dabd87034 •

CVE-2025-37824 – tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
https://notcve.org/view.php?id=CVE-2025-37824
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) Hardware name: QEMU Standar... • https://git.kernel.org/stable/c/28845c28f842e9e55e75b2c116bff714bb039055 •

CVE-2025-37823 – net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
https://notcve.org/view.php?id=CVE-2025-37823
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safeguard hfsc_dequeue() too. ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2025-37822 – riscv: uprobes: Add missing fence.i after building the XOL buffer
https://notcve.org/view.php?id=CVE-2025-37822
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL (execute out-of-line) buffer is used to single-step the replaced instruction(s) for uprobes. ... • https://git.kernel.org/stable/c/74784081aac8a0f3636965fc230e2d3b7cc123c6 •

CVE-2025-37821 – sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash
https://notcve.org/view.php?id=CVE-2025-37821
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of a sched_entity to U64_MAX, which sometimes results in a crash. • https://git.kernel.org/stable/c/aef6987d89544d63a47753cf3741cabff0b5574c •

CVE-2025-37820 – xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
https://notcve.org/view.php?id=CVE-2025-37820
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c •

CVE-2025-37819 – irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
https://notcve.org/view.php?id=CVE-2025-37819
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. • https://git.kernel.org/stable/c/0644b3daca28dcb320373ae20069c269c9386304 •