CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37994 – usb: typec: ucsi: displayport: Fix NULL pointer access
https://notcve.org/view.php?id=CVE-2025-37994
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_wor... • https://git.kernel.org/stable/c/af8622f6a585d8d82b11cd7987e082861fd0edd3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37993 – can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe
https://notcve.org/view.php?id=CVE-2025-37993
29 May 2025 — In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. when trying to send CAN frames with cansend from can-utils: | BUG: spinlock bad magic on CPU#0, cansend/95 | lock: 0xff60000002ec1010, .magic: 00000000, .owner:
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2025-37992 – net_sched: Flush gso_skb list too during ->change()
https://notcve.org/view.php?id=CVE-2025-37992
26 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen. This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed... • https://git.kernel.org/stable/c/76e3cc126bb223013a6b9a0e2a51238d1ef2e409 •
CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37991 – parisc: Fix double SIGFPE crash
https://notcve.org/view.php?id=CVE-2025-37991
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in the signal handler. Dave analyzed it, and it happens because glibc uses a double-word floating-point store to atomically update function descriptors. As a result of lazy binding, we hit a floating-point store in fpe_func almost immediately. When the T bit is set, an assist exception trap occurs when when the co-pr... • https://git.kernel.org/stable/c/2a1aff3616b3b57aa4a5f8a7762cce1e82493fe6 •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37990 – wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
https://notcve.org/view.php?id=CVE-2025-37990
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl... • https://git.kernel.org/stable/c/71bb244ba2fd5390eefe4ee9054abdb3f8b05922 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37989 – net: phy: leds: fix memory leak
https://notcve.org/view.php?id=CVE-2025-37989
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unreg... • https://git.kernel.org/stable/c/2e0bc452f4721520502575362a9cd3c1248d2337 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37988 – fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
https://notcve.org/view.php?id=CVE-2025-37988
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned by *path and at the time when matching unlock_mount() unlocks that location it is still pinned by the same thing. Unfortunately, for 'beneath' case it's no longer that simple - the object being locked is not the one *path points to. It's the mountpoint of path->mnt. The thing is, without sufficient locking ->m... • https://git.kernel.org/stable/c/6ac392815628f317fcfdca1a39df00b9cc4ebc8b •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37987 – pds_core: Prevent possible adminq overflow/stuck condition
https://notcve.org/view.php?id=CVE-2025-37987
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the client drivers cannot simultaneously post adminq commands. However, the completions happen in a different context, which means multiple adminq commands can be posted sequentially and all waiting on completion. On the FW side, the backin... • https://git.kernel.org/stable/c/45d76f492938cdc27ddadc16e1e75103f4cfbf56 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37986 – usb: typec: class: Invalidate USB device pointers on partner unregistration
https://notcve.org/view.php?id=CVE-2025-37986
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a clean state for future connections. In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device ... • https://git.kernel.org/stable/c/59de2a56d127890cc610f3896d5fc31887c54ac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37985 – USB: wdm: close race between wdm_open and wdm_wwan_port_stop
https://notcve.org/view.php?id=CVE-2025-37985
20 May 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned • https://git.kernel.org/stable/c/cac6fb015f719104e60b1c68c15ca5b734f57b9c •