CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37792 – Bluetooth: btrtl: Prevent potential NULL dereference
https://notcve.org/view.php?id=CVE-2025-37792
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer vs NULL bug, followed by a NULL pointer dereference. This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR' I... • https://git.kernel.org/stable/c/26503ad25de8c7c93a2037f919c2e49a62cf65f1 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37791 – ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
https://notcve.org/view.php?id=CVE-2025-37791
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the pointer size instead can cause stack corruption: Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ethtool_cmis_wait_for_cond+0xf4/0x100 CPU: 72 UID: 0 PID: 4440 Comm: kworker/72:2 Kdump: loaded Tainted: G OE ... • https://git.kernel.org/stable/c/a39c84d796254e6b1662ca0c46dbc313379e9291 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37790 – net: mctp: Set SOCK_RCU_FREE
https://notcve.org/view.php?id=CVE-2025-37790
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup. In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup. • https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37789 – net: openvswitch: fix nested key length validation in the set() action
https://notcve.org/view.php?id=CVE-2025-37789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the att... • https://git.kernel.org/stable/c/ccb1352e76cff0524e7ccb2074826a092dd13016 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37788 – cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
https://notcve.org/view.php?id=CVE-2025-37788
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path In the for loop used to allocate the loc_array and bmap for each port, a memory leak is possible when the allocation for loc_array succeeds, but the allocation for bmap fails. This is because when the control flow goes to the label free_eth_finfo, only the allocations starting from (i-1)th iteration are freed. Fix that by freeing the loc_array in the bmap allocation error pat... • https://git.kernel.org/stable/c/d915c299f1da68a7dbb43895b8741c7b916c9d08 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37787 – net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
https://notcve.org/view.php?id=CVE-2025-37787
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/ The crash seems to be in devlink_region_destroy(), which is not NULL tolerant but is given a NULL devlink global region pointer. At least on some chips, some devlink regions are cond... • https://git.kernel.org/stable/c/836021a2d0e0e4c90b895a35bd9c0342071855fb •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37786 – net: dsa: free routing table on probe failure
https://notcve.org/view.php?id=CVE-2025-37786
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: free routing table on probe failure If complete = true in dsa_tree_setup(), it means that we are the last switch of the tree which is successfully probing, and we should be setting up all switches from our probe path. After "complete" becomes true, dsa_tree_setup_cpu_ports() or any subsequent function may fail. If that happens, the entire tree setup is in limbo: the first N-1 switches have successfully finished probing (doing noth... • https://git.kernel.org/stable/c/c5f51765a1f60b701840544faf3ca63204b8dc3c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37784 – net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
https://notcve.org/view.php?id=CVE-2025-37784
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request The ICSS IEP driver tracks perout and pps enable state with flags. Currently when disabling pps and perout signals during icss_iep_exit(), results in NULL pointer dereference for perout. To fix the null pointer dereference issue, the icss_iep_perout_enable_hw function can be modified to directly clear the IEP CMP registers when disabling PPS or PEROUT, without refer... • https://git.kernel.org/stable/c/d6b130fabfe197935346fe9f1e50a0947b2b1be7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-37783 – drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check
https://notcve.org/view.php?id=CVE-2025-37783
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check The function dpu_plane_virtual_atomic_check was dereferencing pointers returned by drm_atomic_get_plane_state without checking for errors. This could lead to undefined behavior if the function returns an error pointer. This commit adds checks using IS_ERR to ensure that plane_state is valid before dereferencing them. Similar to commit da29abe71e16 ("drm/amd/display: Fix error... • https://git.kernel.org/stable/c/774bcfb731765d092992136b54c34958d7c64bea •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37782 – hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
https://notcve.org/view.php?id=CVE-2025-37782
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Syzbot reported an issue in hfs subsystem: BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102 Call Trace: